CVSS: 6.1EPSS: 0%CPEs: 103EXPL: 1CVE-2017-9934
https://notcve.org/view.php?id=CVE-2017-9934
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. Perdidos tokens CSRF verificados y validación inapropiada de la entrada en Joomla! CMS 1.7.3 hasta la 3.7.2 que lleva a una vulnerabilidad XSS. • https://github.com/xyringe/CVE-2017-9934 http://www.securityfocus.com/bid/99451 http://www.securitytracker.com/id/1038817 https://developer.joomla.org/security-centre/697-20170602-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 57EXPL: 0CVE-2017-7984
https://notcve.org/view.php?id=CVE-2017-7984
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. Un inadecuado sistema de filtrado en Joomla! 3.2.0 hasta 3.6.5 permite realizar un ataque de cross-site scripting en el componente template manager. • http://www.securityfocus.com/bid/98018 https://developer.joomla.org/security-centre/684-20170402-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 57EXPL: 0CVE-2017-7987
https://notcve.org/view.php?id=CVE-2017-7987
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. El escapado inadecuado de nombres de ficheros y directorios en Joomla! 3.2.0 hasta 3.6.5 deriva en vulnerabilidades XSS en el gestor de plantillas. El fallo se ha corregido en la versión 3.7.0. • http://www.securityfocus.com/bid/98021 https://developer.joomla.org/security-centre/687-20170405-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 57EXPL: 0CVE-2017-7989
https://notcve.org/view.php?id=CVE-2017-7989
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. Una inadecuada comprobación de tipos MIME en Joomla! 3.2.0 hasta 3.6.5 permite a usuarios con pocos privilegios cargar archivos swf aunque estén explícitamente prohibidos. • http://www.securityfocus.com/bid/98029 https://developer.joomla.org/security-centre/689-20170407-core-acl-violations • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 120EXPL: 0CVE-2017-7988
https://notcve.org/view.php?id=CVE-2017-7988
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article. El filtrado inadecuado del contenido de los formularios en Joomla! 1.6.0 hasta 3.6.5 permite la sobreescritura del autor de un artículo. El fallo se ha corregido en la versión 3.7.0. • http://www.securityfocus.com/bid/98022 https://developer.joomla.org/security-centre/688-20170406-core-acl-violations •