CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6261
https://notcve.org/view.php?id=CVE-2019-6261
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. El escapado incorrecto en com_contact conduce a una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/106638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6262
https://notcve.org/view.php?id=CVE-2019-6262
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. Las comprobaciones incorrectas de las opciones de la URL de ayuda "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/106638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2019-6263 – Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
https://notcve.org/view.php?id=CVE-2019-6263
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. Las comprobaciones incorrectas de las opciones del filtrado de texto "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • https://packetstorm.news/files/id/151234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6264
https://notcve.org/view.php?id=CVE-2019-6264
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. El escapado incorrecto en mod_banners conduce a una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/106638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17859
https://notcve.org/view.php?id=CVE-2018-17859
09 Oct 2018 — An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17855
https://notcve.org/view.php?id=CVE-2018-17855
09 Oct 2018 — An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17858
https://notcve.org/view.php?id=CVE-2018-17858
09 Oct 2018 — An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.13. Las acciones com_installer no tienen un bastionado CSRF suficiente en el backend. • http://www.securityfocus.com/bid/105559 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2018-12711
https://notcve.org/view.php?id=CVE-2018-12711
26 Jun 2018 — An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. Se ha descubierto un problema de Cross-Site Scripting (XSS) en el módulo language switcher en Joomla! • http://www.securityfocus.com/bid/104565 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2018-12712
https://notcve.org/view.php?id=CVE-2018-12712
26 Jun 2018 — An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. Se ha descubierto un problema en Joomla! • http://www.securityfocus.com/bid/104566 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 3%CPEs: 119EXPL: 1CVE-2017-14596
https://notcve.org/view.php?id=CVE-2017-14596
20 Sep 2017 — In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. En Joomla! en versiones anteriores a la 3.8.0, un escape inadecuado en el plugin de autenticación LDAP puede resultar en una divulgación del nombre de usuario y la contraseña. • http://www.securityfocus.com/bid/100898 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •