Page 11 of 90 results (0.004 seconds)

CVSS: 9.8EPSS: 52%CPEs: 1EXPL: 3

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. Un problema fue descubierto en Joomla! versiones anteriores a 3.9.5. • https://www.exploit-db.com/exploits/46710 https://github.com/dpgg101/CVE-2019-10945 http://packetstormsecurity.com/files/152515/Joomla-3.9.4-Arbitrary-File-Deletion-Directory-Traversal.html https://developer.joomla.org/security-centre/777-20190401-core-directory-traversal-in-com-media • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.4 de Joomla!. El campo "media form" carece de la funcionalidad de escape, conduciendo a Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/107369 https://developer.joomla.org/security-centre/774-20190303-core-xss-in-media-form-field • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.4 de Joomla!. El diseño item_title en edit views carece de la funcionalidad de escape, conduciendo a Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/107371 https://developer.joomla.org/security-centre/773-20190302-core-xss-in-item-title-layout • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. El filtrado inadecuado de los campos de URL en varios componentes core podría conducir a una vulnerabilidad XSS. • https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this. • http://www.securityfocus.com/bid/107015 https://developer.joomla.org/security-centre/767-20190203-core-additional-warning-in-the-global-configuration-textfilter-settings •