Page 16 of 93 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 103EXPL: 1

Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. Perdidos tokens CSRF verificados y validación inapropiada de la entrada en Joomla! CMS 1.7.3 hasta la 3.7.2 que lleva a una vulnerabilidad XSS. • https://github.com/xyringe/CVE-2017-9934 http://www.securityfocus.com/bid/99451 http://www.securitytracker.com/id/1038817 https://developer.joomla.org/security-centre/697-20170602-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0

Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. Invalidación del cache inapropiada en Joomla! CMS 1.7.3 hasta la 3.7.2 que lleva a una revelación de los contenidos • http://www.securityfocus.com/bid/99450 http://www.securitytracker.com/id/1038817 https://developer.joomla.org/security-centre/696-20170601-core-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 137EXPL: 0

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. Al enviar un email utilizando JMail API, en Joomla! 1.5.0 hasta 3.6.5, se divulga en la cabecera del email la versión de PHPMailer utilizada. El fallo ha sido corregido en la versión 3.7.0. • http://www.securityfocus.com/bid/98016 https://developer.joomla.org/security-centre/683-20170401-core-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 120EXPL: 0

In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article. El filtrado inadecuado del contenido de los formularios en Joomla! 1.6.0 hasta 3.6.5 permite la sobreescritura del autor de un artículo. El fallo se ha corregido en la versión 3.7.0. • http://www.securityfocus.com/bid/98022 https://developer.joomla.org/security-centre/688-20170406-core-acl-violations •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. El filtrado inadecuado de caracteres multibyte, en Joomla 1.5.0 hasta 3.6.5, puede derivar en vulnerabilidades XSS en varios componentes. El fallo se ha corregido en la versión 3.7.0. • http://www.securityfocus.com/bid/98020 http://www.securitytracker.com/id/1038817 https://developer.joomla.org/security-centre/685-20170403-core-xss-vulnerability https://fortiguard.com/zeroday/FG-VD-17-107 https://fortiguard.com/zeroday/FG-VD-17-108 https://fortiguard.com/zeroday/FG-VD-17-109 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •