CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. • https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. • https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. • https://github.com/HoangKien1020/CVE-2020-10238 • https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. • https://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html • https://www.openwall.com/lists/oss-security/2011/12/25/9 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. • https://developer.joomla.org/security-centre/798-20200101-core-csrf-in-batch-actions • CWE-352: Cross-Site Request Forgery (CSRF)