CVE-2022-27912 – [20221001] - Core - Debug Mode leaks full request payloads including passwords
https://notcve.org/view.php?id=CVE-2022-27912
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. Se ha detectado un problema en Joomla! versiones 4.0.0 hasta 4.2.3. • https://developer.joomla.org/security-centre/885-20221001-core-disclosure-of-critical-information-in-debug-mode.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-27911 – [20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check'
https://notcve.org/view.php?id=CVE-2022-27911
An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes. Se ha detectado un problema en Joomla! Versión 4.2.0. • https://developer.joomla.org/security-centre/884-20220801-core-multiple-full-path-disclosures-because-of-missing-jexec-or-die-check.html •
CVE-2022-23801 – [20220309] - Core - XSS attack vector through SVG
https://notcve.org/view.php?id=CVE-2022-23801
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. Se ha detectado un problema en Joomla! versiones 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/878-20220309-core-xss-attack-vector-through-svg.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23800 – [20220308] - Core - Inadequate content filtering within the filter code
https://notcve.org/view.php?id=CVE-2022-23800
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. Se ha detectado un problema en Joomla! versiones 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/877-20220308-core-inadequate-content-filtering-within-the-filter-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23799 – [20220307] - Core - Variable Tampering on JInput $_REQUEST data
https://notcve.org/view.php?id=CVE-2022-23799
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. Se ha detectado un problema en Joomla! Versiones 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html •