CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2012-0822
https://notcve.org/view.php?id=CVE-2012-0822
06 Sep 2012 — Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820. a vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Joomla! v1.6 y v1.7.x anterior a v1.7.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente a CVE-2012 a 0820 • http://developer.joomla.org/security/news/385-20120104-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 112EXPL: 0CVE-2012-3554
https://notcve.org/view.php?id=CVE-2012-3554
10 Aug 2012 — SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anterior a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 108EXPL: 0CVE-2012-4071
https://notcve.org/view.php?id=CVE-2012-4071
10 Aug 2012 — Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anteriores a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2011-4332
https://notcve.org/view.php?id=CVE-2011-4332
23 Nov 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v1.6.3 y anteriores, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://developer.joomla.org/security/news/349-20110601-xss-vulnerabilities.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2011-3747
https://notcve.org/view.php?id=CVE-2011-3747
23 Sep 2011 — Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php. Joomla! v1.6.0 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con libraries/phpmailer/language/phpmailer.lang-joomla.php. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 2CVE-2011-2509
https://notcve.org/view.php?id=CVE-2011-2509
27 Jul 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.reques... • http://developer.joomla.org/security/news/352-20110604-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 49EXPL: 2CVE-2011-2710
https://notcve.org/view.php?id=CVE-2011-2710
27 Jul 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5. Múltiples vulnerabilid... • http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 3CVE-2011-2891
https://notcve.org/view.php?id=CVE-2011-2891
27 Jul 2011 — Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488. Joomla! v1.6.x anterior a v1.6.2 permite a atacantes remotos obtener información sensible a través de un parámetro de array Itemid vacío sobre index.php, lo que revela la ruta de instalación en un mensaje de error, una vulnerabilidad diferente a CVE-2011-2488. • http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 1CVE-2011-2892
https://notcve.org/view.php?id=CVE-2011-2892
27 Jul 2011 — Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. Joomla! v1.6.x anteriores a v1.6.2 no impide la renderización de páginas dentro de un marco en un documento HTML de terceros, lo que hace facilita a los atacantes remotos el realizar ataques de clickjacking mediante un sitio web manipulado. • http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html • CWE-20: Improper Input Validation •