Page 3 of 65 results (0.016 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/833-20201106-core-csrf-in-com-privacy-emailexport-feature.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/830-20201103-core-path-traversal-in-mod-random-image.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/828-20201101-core-com-finder-ignores-access-levels-on-autosuggest.html •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration. Se detectó un problema en Joomla! versiones hasta el 3.9.19. • https://developer.joomla.org/security-centre/819-20200702-core-missing-checks-can-lead-to-a-broken-usergroups-table-record.html • CWE-345: Insufficient Verification of Data Authenticity •