CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26029 – [20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field
https://notcve.org/view.php?id=CVE-2021-26029
04 Mar 2021 — An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field. Se detectó un problema en Joomla! versiones 1.6.0 hasta 3.9.24. • https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2021-23130 – [20210304] - Core - XSS within the feed parser library
https://notcve.org/view.php?id=CVE-2021-23130
04 Mar 2021 — An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.24. • https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2021-23129 – [20210303] - Core - XSS within alert messages showed to users
https://notcve.org/view.php?id=CVE-2021-23129
04 Mar 2021 — An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.24. • https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35616 – [20201107] - Core - Write ACL violation in multiple core views
https://notcve.org/view.php?id=CVE-2020-35616
28 Dec 2020 — An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations. Se detectó un problema en Joomla! versiones 1.7.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/834-20201107-core-write-acl-violation-in-multiple-core-views.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35615 – [20201106] - Core - CSRF in com_privacy emailexport feature
https://notcve.org/view.php?id=CVE-2020-35615
28 Dec 2020 — An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/833-20201106-core-csrf-in-com-privacy-emailexport-feature.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35612 – [20201103] - Core - Path traversal in mod_random_image
https://notcve.org/view.php?id=CVE-2020-35612
28 Dec 2020 — An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/830-20201103-core-path-traversal-in-mod-random-image.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35611 – [20201102] - Core - Disclosure of secrets in Global Configuration page
https://notcve.org/view.php?id=CVE-2020-35611
28 Dec 2020 — An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35610 – [20201101] - Core - com_finder ignores access levels on autosuggest
https://notcve.org/view.php?id=CVE-2020-35610
28 Dec 2020 — An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/828-20201101-core-com-finder-ignores-access-levels-on-autosuggest.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15699
https://notcve.org/view.php?id=CVE-2020-15699
15 Jul 2020 — An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration. Se detectó un problema en Joomla! versiones hasta el 3.9.19. • https://developer.joomla.org/security-centre/819-20200702-core-missing-checks-can-lead-to-a-broken-usergroups-table-record.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-13763
https://notcve.org/view.php?id=CVE-2020-13763
02 Jun 2020 — In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. En Joomla! versiones anteriores a 3.9.19, los ajustes predeterminados de la configuración global textfilter no bloquea las entradas HTML para usuarios Invitados. • https://developer.joomla.org/security-centre/814-20200602-core-inconsistent-default-textfilter-settings • CWE-281: Improper Preservation of Permissions •