CVSS: 9.1EPSS: 0%CPEs: 34EXPL: 0CVE-2014-7984
https://notcve.org/view.php?id=CVE-2014-7984
08 Oct 2014 — Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos autenticarse y evadir restricciones a través de vectores que involucran la autenticación de GMail. • http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2014-6631
https://notcve.org/view.php?id=CVE-2014-6631
08 Oct 2014 — Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en com_media en Joomla! 3.2.x anterior a 3.2.5 y 3.3.x anterior a 3.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 32EXPL: 0CVE-2014-6632
https://notcve.org/view.php?id=CVE-2014-6632
08 Oct 2014 — Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. Joomla! 2.5.x anterior a 2.5.25, 3.x anterior a 3.2.4, y 3.3.x anterior a 3.3.4 permite a atacantes remotos autenticar y evadir las restricciones de acceso a través de vectores que involucran la autenticación LDAP . • http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2014-7229
https://notcve.org/view.php?id=CVE-2014-7229
08 Oct 2014 — Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors. Vulnerabilidad no especificada en Joomla! anterior a 2.5.4 anterior a 2.5.26, 3.x anterior a 3.2.6, y 3.3.x anterior a 3.3.5 permite a atacantes causar una denegación de servicio a través de vectores no especificados. • http://developer.joomla.org/security/596 •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-7981
https://notcve.org/view.php?id=CVE-2014-7981
08 Oct 2014 — SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Joomla! CMS 3.1.x y 3.2.x anterior a 3.2.3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/578-20140301-core-sql-injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 0CVE-2014-7982
https://notcve.org/view.php?id=CVE-2014-7982
08 Oct 2014 — Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Joomla! CMS 2.5.x anterior a 2.5.19 y 3.x anterior a 3.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2013-5952 – Joomla Freichat Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-5952
15 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php. Múltiples vulnerabilidades de XSS en el componente Freichat (com_freichat), posiblemente 9.4 y anteriores, para Joomla! permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través del... • https://packetstorm.news/files/id/125737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2013-5953 – Joomla Multi Calendar 4.0.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-5953
15 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php. Múltiples vulnerabilidades de XSS en tmpl/layout_editevent.php en el componente Multi Calendar (com_multicalendar) 4.0.2, y posiblemente 4.8.5 y anteriores, para Joomla! permiten ... • https://packetstorm.news/files/id/125738 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2013-5955 – Joomla Pbbooking 2.4 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-5955
15 Mar 2014 — Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php. Vulnerabilidad de XSS en manage.php en el componente PBBooking (com_pbbooking) 2.4 para Joomla! permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un parámetro arbitrario en una acción de edición (edit) hacia administrator/index.p... • https://packetstorm.news/files/id/125734 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 4CVE-2014-0793 – Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-0793
24 Jan 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI. Múltiples vulnerabilidades de XSS en el componente StackIdeas Komento (com_komento) anterior a la versión 1.7.3 para Joomla! permite a atacantes remotos inyectar script Web o HTML arbitrario a través del parámetro (1) website o (2) latitude en ... • https://packetstorm.news/files/id/124917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •