CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7743
https://notcve.org/view.php?id=CVE-2019-7743
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. El wrapper de transmisión phar:// puede emplearse para ataques de inyección de objetos debido a que no existe un mecanismo de protección (como el wrapper de transmisión PHAR TYPO3) para evitar el uso del manejador phar:// para los archivos que no son .phar. • http://www.securityfocus.com/bid/107050 https://developer.joomla.org/security-centre/770-20190206-core-implement-the-typo3-phar-stream-wrapper • CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7740
https://notcve.org/view.php?id=CVE-2019-7740
An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. El manejo inadecuado de parámetros en el código JavaScript (writeDynaList en core.js) podría conducir a un vector de ataque XSS. • https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7741
https://notcve.org/view.php?id=CVE-2019-7741
An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. Las comprobaciones incorrectas de las opciones de la URL de ayuda "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • https://developer.joomla.org/security-centre/768-20190204-core-stored-xss-issue-in-the-global-configuration-help-url-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-6263 – Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
https://notcve.org/view.php?id=CVE-2019-6263
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. Las comprobaciones incorrectas de las opciones del filtrado de texto "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • https://www.exploit-db.com/exploits/46200 https://github.com/praveensutar/CVE-2019-6263-Joomla-POC http://www.securityfocus.com/bid/106638 https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6261
https://notcve.org/view.php?id=CVE-2019-6261
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. El escapado incorrecto en com_contact conduce a una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/106638 https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •