CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26036 – [20210702] - Core - DoS through usergroup table manipulation
https://notcve.org/view.php?id=CVE-2021-26036
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. Se ha detectado un problema en Joomla! versiones 2.5.0 hasta 3.9.27. • https://developer.joomla.org/security-centre/857-20210702-core-dos-through-usergroup-table-manipulation.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26035 – [20210701] - Core - XSS in JForm Rules field
https://notcve.org/view.php?id=CVE-2021-26035
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability. Se ha detectado un problema en Joomla! versiones 3.0.0 hasta 3.9.27. • https://developer.joomla.org/security-centre/856-20210701-core-xss-in-jform-rules-field.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26034 – [20210503] - Core - CSRF in data download endpoints
https://notcve.org/view.php?id=CVE-2021-26034
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/854-20210503-core-csrf-in-data-download-endpoints.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26033 – [20210502] - Core - CSRF in AJAX reordering endpoint
https://notcve.org/view.php?id=CVE-2021-26033
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/853-20210502-core-csrf-in-ajax-reordering-endpoint.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26032 – [20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload
https://notcve.org/view.php?id=CVE-2021-26032
An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/852-20210501-core-adding-html-to-the-executable-block-list-of-mediahelper-canupload.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •