Page 19 of 153 results (0.027 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. El escapado incorrecto en com_contact conduce a una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/106638 https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2

An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. Las comprobaciones incorrectas de las opciones del filtrado de texto "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • https://www.exploit-db.com/exploits/46200 https://github.com/praveensutar/CVE-2019-6263-Joomla-POC http://www.securityfocus.com/bid/106638 https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.13. Las acciones com_installer no tienen un bastionado CSRF suficiente en el backend. • http://www.securityfocus.com/bid/105559 http://www.securitytracker.com/id/1041914 https://developer.joomla.org/security-centre/755-20181005-core-csrf-hardening-in-com-installer.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.13. com_joomlaupdate permite la ejecución de código arbitrario. • http://www.securityfocus.com/bid/105559 http://www.securitytracker.com/id/1041914 https://developer.joomla.org/security-centre/752-20181002-core-inadequate-default-access-level-for-com-joomlaupdate.html •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 http://www.securitytracker.com/id/1041914 https://developer.joomla.org/security-centre/753-20181003-core-access-level-violation-in-com-tags • CWE-863: Incorrect Authorization •