CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2012-5827
https://notcve.org/view.php?id=CVE-2012-5827
11 Nov 2012 — Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." Joomla! versiones 2.5.x anteriores a 2.5.8 y versiones 3.0.x anteriores a 3.0.2, permite a los atacantes remotos conducir ataques de secuestro de cliqueo por medio de vectores no especificados que implican "Inadequate protection". • http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2012-4531
https://notcve.org/view.php?id=CVE-2012-4531
31 Oct 2012 — Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v2.5.x antes de v2.5.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especifidados. • http://developer.joomla.org/security/news/539-20120901-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 1CVE-2012-4532
https://notcve.org/view.php?id=CVE-2012-4532
31 Oct 2012 — Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en modules/mod_languages/tmpl/default.php en el módulo Language Switcher para Joomla! v2.5.x antes de v2.5.7, permite a a... • http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5455
https://notcve.org/view.php?id=CVE-2012-5455
22 Oct 2012 — Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente de búsqueda de idioma en Joomla! antes de v3.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionado con un "error tipográf... • http://developer.joomla.org/security/news/541-20121001-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 2CVE-2011-4909 – Joomla! 1.5.x - Cross-Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2011-4909
07 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! anteriores a v1.5.12, permite a atacantes remotos i... • https://www.exploit-db.com/exploits/33061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2011-4910
https://notcve.org/view.php?id=CVE-2011-4910
07 Oct 2012 — Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! anteriores a v1.5.12, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro PATH_INFO. • http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2011-4911
https://notcve.org/view.php?id=CVE-2011-4911
07 Oct 2012 — Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. Joomla! anterior a v1.5.12 no hace la comprobación JEXEC en ficheros sin especificar, lo que permite a atacantes remotos obtener el path de instalación a través de vectores no específicos. • http://developer.joomla.org/security/news/300-20090606-core-missing-jexec-check.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5230
https://notcve.org/view.php?id=CVE-2012-5230
01 Oct 2012 — Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. Vulnerabilidad no especificada en el componente JE Story Submit (com_jesubmit) anteriores a v1.9 para Joomla! tiene vectores de ataque e impacto desconocidos. • http://joomlaextensions.co.in/product/JE-Story-Submit •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-5232
https://notcve.org/view.php?id=CVE-2012-5232
01 Oct 2012 — Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Quickl Form component para Joomla!, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://docs.joomla.org/Vulnerable_Extensions_List • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2012-1116 – Joomla! 2.5.1 - 'redirect.php' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2012-1116
26 Sep 2012 — SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Joomla! v1.7.x y v2.5.x antes de v2.5.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • https://www.exploit-db.com/exploits/36913 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •