
CVSS: 4.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. • http://www.securityfocus.com/bid/104269 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/736-20180508-core-possible-xss-attack-in-the-redirect-method.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack. • http://www.securityfocus.com/bid/104270 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/733-20180505-core-xss-vulnerabilities-additional-hadering.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. • http://www.securityfocus.com/bid/104272 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-to-the-upload-blacklist.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 | EPSS: 4% | CPEs: 1 | EXPL: 1

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. • https://github.com/luckybool1020/CVE-2018-8045 http://www.securityfocus.com/bid/103402 http://www.securitytracker.com/id/1040540 https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnerability.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 3% | CPEs: 1 | EXPL: 0

In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. • http://www.securityfocus.com/bid/102918 http://www.securitytracker.com/id/1040316 https://developer.joomla.org/security-centre/721-20180104-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')