CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 0CVE-2014-7982
https://notcve.org/view.php?id=CVE-2014-7982
08 Oct 2014 — Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-5583
https://notcve.org/view.php?id=CVE-2013-5583
29 Dec 2013 — Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Cross-site scripting (XSS) en libraries/idna_convert/example.php de Joomla! 3.1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro lang. • http://disse.cting.org/2013/08/05/joomla-core-3_1_5_reflected-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 59%CPEs: 24EXPL: 3CVE-2013-5576 – Joomla! Component Media Manager - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-5576
09 Oct 2013 — administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013. administrator/components/com_media/helpers/media.php en el gestor de medios de Joomla! 2.5.x anterior a la versión 2.5.14 y 3.x anterior a 3.1.5 permite a usuarios remot... • https://www.exploit-db.com/exploits/27610 • CWE-20: Improper Input Validation •