
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2018 — An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. • http://www.securityfocus.com/bid/104273 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2018 — An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. • http://www.securityfocus.com/bid/104269 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 2% • CPEs: 1 • EXPL: 0

22 May 2018 — In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. • http://www.securityfocus.com/bid/104268 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 66% • CPEs: 1 • EXPL: 1

14 Mar 2018 — In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. • https://github.com/luckybool1020/CVE-2018-8045 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 7% • CPEs: 1 • EXPL: 1

30 Jan 2018 — In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. • https://github.com/knqyf263/CVE-2018-6376 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 46% • CPEs: 1 • EXPL: 0

30 Jan 2018 — In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox. • http://www.securityfocus.com/bid/102917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 3% • CPEs: 1 • EXPL: 0

30 Jan 2018 — In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. • http://www.securityfocus.com/bid/102918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 3% • CPEs: 1 • EXPL: 0

30 Jan 2018 — In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. • http://www.securityfocus.com/bid/102921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Nov 2017 — In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. • http://www.securityfocus.com/bid/101702 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Nov 2017 — In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. • http://www.securityfocus.com/bid/101701 • CWE-287: Improper Authentication