Page 32 of 169 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente de búsqueda de idioma en Joomla! antes de v3.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionado con un "error tipográfico". • http://developer.joomla.org/security/news/541-20121001-core-xss-vulnerability http://osvdb.org/86134 http://secunia.com/advisories/50879 http://www.joomla.org/announcements/release-news/5468-joomla-3-0-1-released.html http://www.securityfocus.com/bid/55858 https://exchange.xforce.ibmcloud.com/vulnerabilities/79171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v2.5.0 y 2.5.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores especificados • http://developer.joomla.org/security/news/392-20120302-core-xss-vulnerability.html http://secunia.com/advisories/48005 http://www.openwall.com/lists/oss-security/2012/03/06/12 http://www.openwall.com/lists/oss-security/2012/03/06/5 http://www.osvdb.org/79836 http://www.securityfocus.com/bid/52314 https://exchange.xforce.ibmcloud.com/vulnerabilities/73700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1

SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Joomla! v1.7.x y v2.5.x antes de v2.5.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • https://www.exploit-db.com/exploits/36913 http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html http://secunia.com/advisories/48005 http://www.openwall.com/lists/oss-security/2012/03/06/12 http://www.openwall.com/lists/oss-security/2012/03/06/5 http://www.osvdb.org/79837 http://www.securityfocus.com/bid/52312 https://exchange.xforce.ibmcloud.com/vulnerabilities/73699 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el gestor de actualizaciones de Joomla! v2.5.x anterior a v2.5.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados • http://developer.joomla.org/security/news/399-20120308-core-xss-vulnerability.html http://secunia.com/advisories/48683 http://www.openwall.com/lists/oss-security/2012/04/03/3 http://www.openwall.com/lists/oss-security/2012/04/03/5 http://www.osvdb.org/80880 http://www.securityfocus.com/bid/52859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599. Joomla! v2.5.x antes de v2.5.4 no comprueba correctamente los permisos, lo que permite a los atacantes obtener información sensible del "backend de administración" a través de vectores de ataque desconocidos. • http://developer.joomla.org/security/news/398-20120307-core-information-disclosure.html http://secunia.com/advisories/48683 http://www.openwall.com/lists/oss-security/2012/04/03/3 http://www.openwall.com/lists/oss-security/2012/04/03/5 • CWE-264: Permissions, Privileges, and Access Controls •