CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15881
https://notcve.org/view.php?id=CVE-2018-15881
29 Aug 2018 — An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.12. • http://www.securityfocus.com/bid/105161 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-15882
https://notcve.org/view.php?id=CVE-2018-15882
29 Aug 2018 — An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.12. • http://www.securityfocus.com/bid/105166 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2018-12711
https://notcve.org/view.php?id=CVE-2018-12711
26 Jun 2018 — An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. Se ha descubierto un problema de Cross-Site Scripting (XSS) en el módulo language switcher en Joomla! • http://www.securityfocus.com/bid/104565 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2018-12712
https://notcve.org/view.php?id=CVE-2018-12712
26 Jun 2018 — An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. Se ha descubierto un problema en Joomla! • http://www.securityfocus.com/bid/104566 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11321
https://notcve.org/view.php?id=CVE-2018-11321
22 May 2018 — An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. Se ha descubierto un problema en com_fields en Joomla! Core en versiones anteriores a la 3.8.8. • http://www.securityfocus.com/bid/104271 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11322
https://notcve.org/view.php?id=CVE-2018-11322
22 May 2018 — An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. Se ha descubierto un problema en Joomla! Core en versiones anteriores a la 3.8.8. • http://www.securityfocus.com/bid/104272 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11323
https://notcve.org/view.php?id=CVE-2018-11323
22 May 2018 — An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. Se ha descubierto un problema en Joomla! Core en versiones anteriores a la 3.8.8. • http://www.securityfocus.com/bid/104276 • CWE-269: Improper Privilege Management •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11324
https://notcve.org/view.php?id=CVE-2018-11324
22 May 2018 — An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. Se ha descubierto un problema en Joomla! Core en versiones anteriores a la 3.8.8. • http://www.securityfocus.com/bid/104274 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11325
https://notcve.org/view.php?id=CVE-2018-11325
22 May 2018 — An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. Se ha descubierto un problema en Joomla! Core en versiones anteriores a la 3.8.8. • http://www.securityfocus.com/bid/104278 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11326
https://notcve.org/view.php?id=CVE-2018-11326
22 May 2018 — An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack. Se ha descubierto un problema en Joomla! • http://www.securityfocus.com/bid/104270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •