CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 2CVE-2007-5427 – Joomla! Component Search 1.0.13 - SearchWord Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5427
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente de Joomla!, com_search 1.0.13 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro searchword. NOTA: Este asunto podría estar relacionado con CVE-2007-4189.1. • https://www.exploit-db.com/exploits/30655 http://osvdb.org/37709 http://secunia.com/advisories/27196 http://securityreason.com/securityalert/3216 http://securityvulns.ru/Rdocument919.html http://websecurity.com.ua/1203 http://www.securityfocus.com/archive/1/482006/100/0/threaded http://www.securityfocus.com/bid/26031 http://www.vupen.com/english/advisories/2007/3495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2006-7010
https://notcve.org/view.php?id=CVE-2006-7010
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks. La implementación de mosgetparam en Joomla! anterior a 1.0.10, no establece el tipo de dato de una variable a entero cuando el valor por defecto de la variable es numérico, lo cual tiene impacto y vectores de ataque no especificados, que pueden permitir ataques de inyección SQL. • http://secunia.com/advisories/20874 http://www.joomla.org/content/view/1510/74 http://www.osvdb.org/26916 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2006-7008
https://notcve.org/view.php?id=CVE-2006-7008
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. Vulnerabilidad no especificada en Joomla! anterior a 1.0.10 tiene impacto y vectores de ataque desconocidos, relacionados con "asegurar mosmsg contra el mal uso". • http://secunia.com/advisories/20874 http://www.joomla.org/content/view/1510/74 http://www.osvdb.org/26915 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2006-7009
https://notcve.org/view.php?id=CVE-2006-7009
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. Joomla! anterior a 1.0.10 permite a atacantes remotos falsear los formularios de envío del interfaz externo (frontend), lo cual tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/20874 http://www.joomla.org/content/view/1510/74 •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2006-6832
https://notcve.org/view.php?id=CVE-2006-6832
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Joomla! anterior a 1.0.12 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de vectores no especificados, posiblemente relacionados con poll.php o el módulo title. • http://forge.joomla.org/sf/go/artf5985?nav=1 http://forge.joomla.org/sf/go/artf6844?nav=1 http://jvn.jp/jp/JVN%2345006961/index.html http://secunia.com/advisories/23563 http://www.joomla.org/content/view/2495/78 http://www.securityfocus.com/bid/21810 http://www.vupen.com/english/advisories/2006/5202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •