Page 13 of 65 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

CVE-2013-3058

https://notcve.org/view.php?id=CVE-2013-3058

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores sin especificar. • http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

CVE-2013-3059

https://notcve.org/view.php?id=CVE-2013-3059

Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin Voting en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores sin especificar. • http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

CVE-2013-3267

https://notcve.org/view.php?id=CVE-2013-3267

Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin highlighter en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 2%CPEs: 14EXPL: 3

CVE-2013-3242 – Joomla! 3.0.3 - 'remember.php' PHP Object Injection

https://notcve.org/view.php?id=CVE-2013-3242

plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors. plugins/system/remember/remember.php en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4 no controla correctamente un objeto obtenido por la "serialización" de una cookie, lo que permite a los usuarios remotos autenticados realizar ataques de inyección de objetos PHP y provocar una denegación de servicio a través de vectores no especificados. Joomla! versions 3.0.3 and below suffer from a PHP object injection vulnerability in remember.php. • https://www.exploit-db.com/exploits/25087 http://archives.neohapsis.com/archives/bugtraq/2013-04/0232.html http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html http://karmainsecurity.com/KIS-2013-04 http://www.exploit-db.com/exploits/25087 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 2

CVE-2013-1453 – Joomla! 3.0.2 - 'highlight.php' PHP Object Injection

https://notcve.org/view.php?id=CVE-2013-1453

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. El archivo plugins/system/highlight/highlight.php en Joomla! versiones 3.0.x hasta 3.0.2 y versiones 2.5.x hasta 2.5.8, permite a atacantes deserializar objetos PHP arbitrarios para obtener información confidencial, eliminar directorios arbitrarios, conducir ataques de inyección SQL, y posiblemente tener otros impactos por medio del parámetro highlight. • https://www.exploit-db.com/exploits/24551 http://developer.joomla.org/security/news/548-20130201-core-information-disclosure.html http://karmainsecurity.com/KIS-2013-03 http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/81925 •