CVE-2020-10242
https://notcve.org/view.php?id=CVE-2020-10242
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. • https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-10241
https://notcve.org/view.php?id=CVE-2020-10241
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. • https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-10240
https://notcve.org/view.php?id=CVE-2020-10240
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. • https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users • CWE-20: Improper Input Validation
CVE-2020-10239
https://notcve.org/view.php?id=CVE-2020-10239
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users. • https://github.com/HoangKien1020/CVE-2020-10239 https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field • CWE-863: Incorrect Authorization
CVE-2020-10238
https://notcve.org/view.php?id=CVE-2020-10238
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. • https://github.com/HoangKien1020/CVE-2020-10238 https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates • CWE-668: Exposure of Resource to Wrong Sphere