Page 3 of 93 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. Se ha detectado un problema en Joomla! versiones 2.5.0 hasta 3.9.27. • https://developer.joomla.org/security-centre/857-20210702-core-dos-through-usergroup-table-manipulation.html • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability. Se ha detectado un problema en Joomla! versiones 3.0.0 hasta 3.9.27. • https://developer.joomla.org/security-centre/856-20210701-core-xss-in-jform-rules-field.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/854-20210503-core-csrf-in-data-download-endpoints.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/853-20210502-core-csrf-in-ajax-reordering-endpoint.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/852-20210501-core-adding-html-to-the-executable-block-list-of-mediahelper-canupload.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •