CVE-2022-23800 – [20220308] - Core - Inadequate content filtering within the filter code
https://notcve.org/view.php?id=CVE-2022-23800
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. Se ha detectado un problema en Joomla! versiones 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/877-20220308-core-inadequate-content-filtering-within-the-filter-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23799 – [20220307] - Core - Variable Tampering on JInput $_REQUEST data
https://notcve.org/view.php?id=CVE-2022-23799
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. Se ha detectado un problema en Joomla! Versiones 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html •
CVE-2022-23798 – [20220306] - Core - Inadequate validation of internal URLs
https://notcve.org/view.php?id=CVE-2022-23798
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. Se ha detectado un problema en Joomla! Versiones 2.5.0 hasta 3.10.6 y 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/875-20220306-core-inadequate-validation-of-internal-urls.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-23797 – [20220305] - Core - Inadequate filtering on the selected Ids
https://notcve.org/view.php?id=CVE-2022-23797
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. Se ha detectado un problema en Joomla! versiones 3.0.0 hasta 3.10.6 y 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/874-20220305-core-inadequate-filtering-on-the-selected-ids.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-23795 – [20220303] - Core - User row are not bound to a authentication mechanism
https://notcve.org/view.php?id=CVE-2022-23795
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. Se ha detectado un problema en Joomla! versiones 2.5.0 hasta 3.10.6 y 4.0.0 hasta 4.1.0. • https://developer.joomla.org/security-centre/872-20220303-core-user-row-are-not-bound-to-a-authentication-mechanism.html • CWE-287: Improper Authentication •