Page 14 of 174 results (0.014 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability. Se descubrió un problema en Joomla! versiones anteriores a la versión 3.9.13. • https://developer.joomla.org/security-centre/794-20191001-core-csrf-in-com-template-overrides-view.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure. Se descubrió un problema en Joomla! versiones anteriores a 3.9.13. • https://developer.joomla.org/security-centre/795-20191002-core-path-disclosure-in-phpuft8-mapping-files.html • CWE-862: Missing Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. En Joomla! versiones 3.x anteriores a 3.9.12, el escape inadecuado permitió ataques de tipo XSS utilizando el parámetro logo de las plantillas predeterminadas. • https://developer.joomla.org/security-centre/791-20190901-core-xss-in-logo-parameter-of-default-templates.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. En Joomla! versiones anteriores a 3.9.11, las comprobaciones inadecuadas en la función com_contact podrían permitir el envío de correo en formularios deshabilitados. • https://developer.joomla.org/security-centre/789-20190801-core-hardening-com-contact-contact-form •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9. cPanel anterior al versión 67.9999.103, permite que los archivos de registro del Servidor HTTP de Apache sean legibles en todo el mundo debido al manejo inapropiado de un cambio de nombre de cuenta (SEC-296). • https://developer.joomla.org/security-centre/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html •