CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15880
https://notcve.org/view.php?id=CVE-2018-15880
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.12. • http://www.securityfocus.com/bid/105164 http://www.securitytracker.com/id/1041913 https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15881
https://notcve.org/view.php?id=CVE-2018-15881
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.12. • http://www.securityfocus.com/bid/105161 http://www.securitytracker.com/id/1041913 https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12712
https://notcve.org/view.php?id=CVE-2018-12712
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. Se ha descubierto un problema en Joomla! • http://www.securityfocus.com/bid/104566 http://www.securitytracker.com/id/1041245 https://developer.joomla.org/security-centre/741-20180601-core-local-file-inclusion-with-php-5-3 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2018-12711
https://notcve.org/view.php?id=CVE-2018-12711
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. Se ha descubierto un problema de Cross-Site Scripting (XSS) en el módulo language switcher en Joomla! • http://www.securityfocus.com/bid/104565 http://www.securitytracker.com/id/1041244 https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11326
https://notcve.org/view.php?id=CVE-2018-11326
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack. Se ha descubierto un problema en Joomla! • http://www.securityfocus.com/bid/104270 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/733-20180505-core-xss-vulnerabilities-additional-hadering.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •