CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 0CVE-2018-6378
https://notcve.org/view.php?id=CVE-2018-6378
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. En Joomla! Core en versiones anteriores a la 3.8.8, el filtrado inadecuado de nombres de archivo y carpeta conduce a varios vectores de ataque XSS en el gestor multimedia. • http://www.securityfocus.com/bid/104268 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11327
https://notcve.org/view.php?id=CVE-2018-11327
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. Se ha descubierto un problema en Joomla! Core en versiones anteriores a la 3.8.8. • http://www.securityfocus.com/bid/104273 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/731-20180503-core-information-disclosure-about-unpublished-tags.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11323
https://notcve.org/view.php?id=CVE-2018-11323
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. Se ha descubierto un problema en Joomla! Core en versiones anteriores a la 3.8.8. • http://www.securityfocus.com/bid/104276 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/729-20180501-core-acl-violation-in-access-levels.html • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11321
https://notcve.org/view.php?id=CVE-2018-11321
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. Se ha descubierto un problema en com_fields en Joomla! Core en versiones anteriores a la 3.8.8. • http://www.securityfocus.com/bid/104271 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/734-20180506-core-filter-field-in-com-fields-allows-remote-code-execution.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11324
https://notcve.org/view.php?id=CVE-2018-11324
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. Se ha descubierto un problema en Joomla! Core en versiones anteriores a la 3.8.8. • http://www.securityfocus.com/bid/104274 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/735-20180507-core-session-deletion-race-condition.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •