Page 22 of 173 results (0.012 seconds)

CVSS: 6.1EPSS: 0%CPEs: 160EXPL: 0

In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. En Joomla! en versiones anteriores a la 3.7.4, el filtrado inadecuado de etiquetas HTML potencialmente maliciosas conduce a vulnerabilidades XSS en varios componentes. • http://www.securitytracker.com/id/1039014 https://developer.joomla.org/security-centre/701-20170605-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 103EXPL: 1

Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. Perdidos tokens CSRF verificados y validación inapropiada de la entrada en Joomla! CMS 1.7.3 hasta la 3.7.2 que lleva a una vulnerabilidad XSS. • https://github.com/xyringe/CVE-2017-9934 http://www.securityfocus.com/bid/99451 http://www.securitytracker.com/id/1038817 https://developer.joomla.org/security-centre/697-20170602-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0

Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. Invalidación del cache inapropiada en Joomla! CMS 1.7.3 hasta la 3.7.2 que lleva a una revelación de los contenidos • http://www.securityfocus.com/bid/99450 http://www.securitytracker.com/id/1038817 https://developer.joomla.org/security-centre/696-20170601-core-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 97%CPEs: 1EXPL: 7

SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de inyección SQL en Joomla! 3.7.x versiones anteriores a 3.7.1 permite a los atacantes ejecutar comandos SQL arbitrarios a través de vectores no especificados. The Joomla version 3.7.0 fields component suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/42033 https://www.exploit-db.com/exploits/44358 https://github.com/brianwrf/Joomla3.7-SQLi-CVE-2017-8917 https://github.com/gmohlamo/CVE-2017-8917 https://github.com/AkuCyberSec/CVE-2017-8917-Joomla-370-SQL-Injection https://github.com/Siopy/CVE-2017-8917 https://github.com/BaptisteContreras/CVE-2017-8917-Joomla http://www.securityfocus.com/bid/98515 http://www.securitytracker.com/id/1038522 https://developer.joomla.org/security-centre/692& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: 137EXPL: 0

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. Al enviar un email utilizando JMail API, en Joomla! 1.5.0 hasta 3.6.5, se divulga en la cabecera del email la versión de PHPMailer utilizada. El fallo ha sido corregido en la versión 3.7.0. • http://www.securityfocus.com/bid/98016 https://developer.joomla.org/security-centre/683-20170401-core-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •