CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2010-4696
https://notcve.org/view.php?id=CVE-2010-4696
18 Jan 2011 — Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inyección SQL en Joomla! v1.5.x anterior a v1.5.22 permite a atacantes remotos ejecutar comandos ... • http://developer.joomla.org/security/news/9-security/10-core-security/323-20101101-core-sqli-info-disclosurevulnerabilities.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2010-3712
https://notcve.org/view.php?id=CVE-2010-3712
27 Oct 2010 — Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component. Vulnerabilidad de tipo cross-site scripting (XSS) en Joomla!, versiones 1.5.x anteriores a 1.5.21 y versiones 1.6.x anteriores a 1.6.1, permite a los atacantes remotos inyectar script web o HTML arbitrario po... • http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0CVE-2010-2535
https://notcve.org/view.php?id=CVE-2010-2535
05 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en el Back End en Joomla! v1.5.x anterior a 1.5.20, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través de las pantallas de administración. • http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabilitis-in-back-end.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2010-1649
https://notcve.org/view.php?id=CVE-2010-1649
07 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el backend de Joomla! v1.5 a v1.5.17 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores desconocidos relacion... • http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 15EXPL: 0CVE-2009-3945
https://notcve.org/view.php?id=CVE-2009-3945
16 Nov 2009 — Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. Vulnerabilidad no especificada en el Front-End Editor del componente com_content en Joomla! versiones anteriores a v1.5.15 permite a usuarios autenticados remotamente, con privilegios "Author", reemplazar los artículos de un usuario de su elección mediante vectores desconocidos. • http://developer.joomla.org/security/news/305-20091103-core-front-end-editor-issue-.html •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2009-3946
https://notcve.org/view.php?id=CVE-2009-3946
16 Nov 2009 — Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. Joomla! versiones anteriores a v1.5.15 permite a atacantes remotos leer el fichero XML de una extensión, y de ese modo obtener el número de versión de la extensión, mediante una petición directa. • http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •