CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15028
https://notcve.org/view.php?id=CVE-2019-15028
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. En Joomla! versiones anteriores a 3.9.11, las comprobaciones inadecuadas en la función com_contact podrían permitir el envío de correo en formularios deshabilitados. • https://developer.joomla.org/security-centre/789-20190801-core-hardening-com-contact-contact-form •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14654
https://notcve.org/view.php?id=CVE-2019-14654
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9. cPanel anterior al versión 67.9999.103, permite que los archivos de registro del Servidor HTTP de Apache sean legibles en todo el mundo debido al manejo inapropiado de un cambio de nombre de cuenta (SEC-296). • https://developer.joomla.org/security-centre/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12766
https://notcve.org/view.php?id=CVE-2019-12766
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors. Un problema fue descubierto en Joomla! • http://www.securityfocus.com/bid/108735 https://developer.joomla.org/security-centre/784-20190602-core-xss-in-subform-field • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-12765 – Joomla! 3.9.0 < 3.9.7 - CSV Injection
https://notcve.org/view.php?id=CVE-2019-12765
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection. Se descubrió un problema en Joomla anterior 3.9.7 la exportación CSV de com_actionslogs es vulnerable a la inyección de CSV. • https://www.exploit-db.com/exploits/48198 http://www.securityfocus.com/bid/108736 https://developer.joomla.org/security-centre/783-20190601-core-csv-injection-in-com-actionlogs • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12764
https://notcve.org/view.php?id=CVE-2019-12764
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users. Se descubrió un problema en Joomla! Anterior del 3.9.7. • http://www.securityfocus.com/bid/108729 https://developer.joomla.org/security-centre/785-20190603-core-acl-hardening-of-com-joomlaupdate •