CVE-2020-8420
https://notcve.org/view.php?id=CVE-2020-8420
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. Se detectó un problema en Joomla! versiones anteriores a 3.9.15. • https://developer.joomla.org/security-centre/799-20200102-core-csrf-com-templates-less-compiler • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2011-3595
https://notcve.org/view.php?id=CVE-2011-3595
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. Se presentan múltiples vulnerabilidades de tipo Cross-site Scripting (XSS) en Joomla! versiones hasta 1.7.0, en el archivo index.php en los parámetros search word, extension, asset y author. • http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29 https://www.openwall.com/lists/oss-security/2011/10/04/7 https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4907
https://notcve.org/view.php?id=CVE-2011-4907
Joomla! 1.5x through 1.5.12: Missing JEXEC Check Joomla! versión versiones 1.5x hasta 1.5.12: una Falta de Comprobación de JEXEC. • https://developer.joomla.org/security/news/301-20090722-core-file-upload.html https://www.openwall.com/lists/oss-security/2011/12/25/7 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2012-1563 – Joomla! < 2.5.2 - Admin Creation
https://notcve.org/view.php?id=CVE-2012-1563
Joomla! before 2.5.3 allows Admin Account Creation. Joomla! versiones anteriores a 2.5.3, permite la Creación de Cuentas de Administrador. • https://www.exploit-db.com/exploits/41156 http://www.openwall.com/lists/oss-security/2012/03/19/11 https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html • CWE-269: Improper Privilege Management •
CVE-2012-1562
https://notcve.org/view.php?id=CVE-2012-1562
Joomla! core before 2.5.3 allows unauthorized password change. Joomla! core versiones anteriores a 2.5.3, permite el cambio no autorizado de contraseña. • http://www.openwall.com/lists/oss-security/2012/03/19/11 https://developer.joomla.org/security/news/394-20120304-core-password-change.html • CWE-330: Use of Insufficiently Random Values •