CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9183 – Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-9183
The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. La extensión Joom Sky JS Jobs en versiones anteriores a la 1.2.1 para Joomla! tiene Cross-Site Scripting (XSS) Joomla JS Jobs component version 1.2.0 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44401 https://vel.joomla.org/resolved/2146-js-jobs-1-2-0-xss-cross-site-scripting https://www.joomsky.com/products/js-jobs.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-5994 – Joomla! Component JS Jobs 1.1.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-5994
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. Existe inyección SQL en el componente JS Jobs 1.1.9 para Joomla! mediante el parámetro zipcode en una petición newest-jobs o el parámetro ta en una petición view_resume. Joomla! • https://www.exploit-db.com/exploits/44120 https://exploit-db.com/exploits/44120 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-6006 – Joomla! Component JS Autoz 1.0.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-6006
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. Existe inyección SQL en el componente JS Autoz 1.0.9 para Joomla! mediante los parámetros vtype, pre o prs. Joomla! • https://www.exploit-db.com/exploits/44119 https://exploit-db.com/exploits/44119 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-6007 – Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-6007
CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. Existe Cross-Site Request Forgery (CSRF) en el componente JS Support Ticket 1.1.0 para Joomla! y permite que los atacantes inyecten HTML o editen un ticket. Joomla! • https://www.exploit-db.com/exploits/43912 https://packetstormsecurity.com/files/146135/Joomla-JS-Support-Ticket-1.1.0-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF) •