Page 3 of 92 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already. Se ha detectado un problema en Joomla! • https://developer.joomla.org/security-centre/859-20210704-core-privilege-escalation-through-com-installer.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked. Se ha detectado un problema en Joomla! versiones 2.5.0 hasta 3.9.27. • https://developer.joomla.org/security-centre/858-20210703-core-lack-of-enforced-session-termination.html • CWE-613: Insufficient Session Expiration •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. Se ha detectado un problema en Joomla! versiones 2.5.0 hasta 3.9.27. • https://developer.joomla.org/security-centre/857-20210702-core-dos-through-usergroup-table-manipulation.html • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability. Se ha detectado un problema en Joomla! versiones 3.0.0 hasta 3.9.27. • https://developer.joomla.org/security-centre/856-20210701-core-xss-in-jform-rules-field.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/854-20210503-core-csrf-in-data-download-endpoints.html • CWE-352: Cross-Site Request Forgery (CSRF) •