CVE-2018-11327
https://notcve.org/view.php?id=CVE-2018-11327
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. • http://www.securityfocus.com/bid/104273 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/731-20180503-core-information-disclosure-about-unpublished-tags.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-11322
https://notcve.org/view.php?id=CVE-2018-11322
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. • http://www.securityfocus.com/bid/104272 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-to-the-upload-blacklist.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2018-6378
https://notcve.org/view.php?id=CVE-2018-6378
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. • http://www.securityfocus.com/bid/104268 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11325
https://notcve.org/view.php?id=CVE-2018-11325
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. • http://www.securityfocus.com/bid/104278 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/732-20180504-core-installer-leaks-plain-text-password-to-local-user.html • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2018-11328
https://notcve.org/view.php?id=CVE-2018-11328
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. • http://www.securityfocus.com/bid/104269 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/736-20180508-core-possible-xss-attack-in-the-redirect-method.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')