
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
• http://disse.cting.org/2013/08/05/joomla-core-3_1_5_reflected-xss-vulnerability
• http://www.securityfocus.com/bid/61600
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 77% | CPEs: 24 | EXPL: 3

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
• https://www.exploit-db.com/exploits/27610
• http://developer.joomla.org/security/563-20130801-core-unauthorised-uploads.html
• http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31626
• http://seclists.org/oss-sec/2013/q3/484
• http://seclists.org/oss-sec/2013/q3/486
• http://www.cso.com.au/article/523528/joomla_patches_file_manager_vulnerability_responsible_hijacked_websites
• http://www.exploit-db.com/exploits/27610
• http://www.kb.cert.org/vuls/id/639620
• CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 21 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://secunia.com/advisories/53050
• http://www.algisinfo.com/en/home-bottom/41-xss-in-aicontactsafe.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 21 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://secunia.com/advisories/53050
• http://www.algisinfo.com/en/home-bottom/41-xss-in-aicontactsafe.html
• http://www.securityfocus.com/bid/59266
• https://exchange.xforce.ibmcloud.com/vulnerabilities/83631
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 | EPSS: 0% | CPEs: 14 | EXPL: 0

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
• http://developer.joomla.org/security/84-20130401-core-privilege-escalation.html
• CWE-264: Permissions, Privileges, and Access Controls