CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9712
https://notcve.org/view.php?id=CVE-2019-9712
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.4 de Joomla!. El manipulador JSON en com_config carece de una validación de entradas, conduciendo a Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/107374 https://developer.joomla.org/security-centre/772-20190301-core-xss-in-com-config-json-handler • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9714
https://notcve.org/view.php?id=CVE-2019-9714
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.4 de Joomla!. El campo "media form" carece de la funcionalidad de escape, conduciendo a Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/107369 https://developer.joomla.org/security-centre/774-20190303-core-xss-in-media-form-field • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9711
https://notcve.org/view.php?id=CVE-2019-9711
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.4 de Joomla!. El diseño item_title en edit views carece de la funcionalidad de escape, conduciendo a Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/107371 https://developer.joomla.org/security-centre/773-20190302-core-xss-in-item-title-layout • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9713
https://notcve.org/view.php?id=CVE-2019-9713
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access. Se ha descubierto un problema en versiones anteriores a la 3.9.4 de Joomla!. Los plugins de datos de muestra carecen de comprobaciones de listas de control de acceso, posibilitando un acceso no autorizado. • http://www.securityfocus.com/bid/107372 https://developer.joomla.org/security-centre/775-20190304-core-missing-acl-check-in-sample-data-plugins • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7744
https://notcve.org/view.php?id=CVE-2019-7744
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. El filtrado inadecuado de los campos de URL en varios componentes core podría conducir a una vulnerabilidad XSS. • https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •