CVE-2012-5827
https://notcve.org/view.php?id=CVE-2012-5827
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." Joomla! versiones 2.5.x anteriores a 2.5.8 y versiones 3.0.x anteriores a 3.0.2, permite a los atacantes remotos conducir ataques de secuestro de cliqueo por medio de vectores no especificados que implican "Inadequate protection". • http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html http://developer.joomla.org/security/news/544-20121102-core-clickjacking.html http://secunia.com/advisories/51187 http://www.securityfocus.com/bid/56397 http://www.securitytracker.com/id?1027744 https://exchange.xforce.ibmcloud.com/vulnerabilities/79925 •
CVE-2012-4532
https://notcve.org/view.php?id=CVE-2012-4532
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en modules/mod_languages/tmpl/default.php en el módulo Language Switcher para Joomla! v2.5.x antes de v2.5.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de PATH_INFO a index.php. • http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerability http://secunia.com/advisories/49678 http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt http://www.joomla.org/announcements/release-news/5463-joomla-2-5-7-released.html http://www.openwall.com/lists/oss-security/2012/10/07/3 http://www.openwall.com/lists/oss-security/2012/10/19/4 http://www.osvdb.org/83490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4531
https://notcve.org/view.php?id=CVE-2012-4531
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v2.5.x antes de v2.5.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especifidados. • http://developer.joomla.org/security/news/539-20120901-core-xss-vulnerability http://secunia.com/advisories/49678 http://www.joomla.org/announcements/release-news/5463-joomla-2-5-7-released.html http://www.openwall.com/lists/oss-security/2012/10/07/3 http://www.openwall.com/lists/oss-security/2012/10/19/4 https://exchange.xforce.ibmcloud.com/vulnerabilities/79725 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4909 – Joomla! 1.5.x - Cross-Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2011-4909
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! anteriores a v1.5.12, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la cabecera HTTP_REFERER sobre(1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, o (4) templates/beez/html/com_content/article/form.php. • https://www.exploit-db.com/exploits/33061 http://archives.neohapsis.com/archives/bugtraq/2009-07/0012.html http://developer.joomla.org/security/news/298-20090604-core-frontend-xss-httpreferer-not-properly-filtered.html http://secunia.com/advisories/35668 http://www.openwall.com/lists/oss-security/2011/12/25/3 http://www.openwall.com/lists/oss-security/2011/12/25/8 http://www.osvdb.org/55589 http://www.securityfocus.com/bid/35544 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4910
https://notcve.org/view.php?id=CVE-2011-4910
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! anteriores a v1.5.12, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro PATH_INFO. • http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html http://secunia.com/advisories/35668 http://www.openwall.com/lists/oss-security/2011/12/25/3 http://www.openwall.com/lists/oss-security/2011/12/25/8 http://www.osvdb.org/55590 http://www.securityfocus.com/bid/35544 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •