Page 12 of 101 results (0.022 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. Un problema fue descubierto en Joomla antes del 3.9.6. Las vistas de depuración de com_users no escapan correctamente a los datos proporcionados por el usuario, lo que conduce a un posible vector de ataque XSS. • https://developer.joomla.org/security-centre/780-20190501-core-xss-in-com-users-acl-debug-view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 2%CPEs: 218EXPL: 4

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propiedad enumerable __proto__, podría extender el Object.prototype nativo. A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. • https://github.com/isacaya/CVE-2019-11358 https://github.com/ossf-cve-benchmark/CVE-2019-11358 https://github.com/Snorlyd/https-nj.gov---CVE-2019-11358 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users. Se descubrió un problema en Joomla! versión anterior al 3.9.5. • https://developer.joomla.org/security-centre/778-20190402-core-helpsites-refresh-endpoint-callable-for-unauthenticated-users • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: 52%CPEs: 1EXPL: 3

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. Un problema fue descubierto en Joomla! versiones anteriores a 3.9.5. • https://www.exploit-db.com/exploits/46710 https://github.com/dpgg101/CVE-2019-10945 http://packetstormsecurity.com/files/152515/Joomla-3.9.4-Arbitrary-File-Deletion-Directory-Traversal.html https://developer.joomla.org/security-centre/777-20190401-core-directory-traversal-in-com-media • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.4 de Joomla!. El manipulador JSON en com_config carece de una validación de entradas, conduciendo a Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/107374 https://developer.joomla.org/security-centre/772-20190301-core-xss-in-com-config-json-handler • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •