CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2020-24599
https://notcve.org/view.php?id=CVE-2020-24599
26 Aug 2020 — An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. Se detectó un problema en Joomla! versiones anteriores a 3.9.21. • https://developer.joomla.org/security-centre/824-20200801-core-xss-in-mod-latestactions • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15700
https://notcve.org/view.php?id=CVE-2020-15700
15 Jul 2020 — An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability. Se detectó un problema en Joomla! versiones hasta el 3.9.19. • https://developer.joomla.org/security-centre/818-20200701-core-csrf-in-com-installer-ajax-install-endpoint.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15699
https://notcve.org/view.php?id=CVE-2020-15699
15 Jul 2020 — An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration. Se detectó un problema en Joomla! versiones hasta el 3.9.19. • https://developer.joomla.org/security-centre/819-20200702-core-missing-checks-can-lead-to-a-broken-usergroups-table-record.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15698
https://notcve.org/view.php?id=CVE-2020-15698
15 Jul 2020 — An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials Se detectó un problema en Joomla! versiones hasta el 3.9.19. Un filtrado inadecuado en la pantalla de información del sistema podría exponer las credenciales de Redis o del proxy • https://developer.joomla.org/security-centre/823-20200706-core-system-information-screen-could-expose-redis-or-proxy-credentials.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15697
https://notcve.org/view.php?id=CVE-2020-15697
15 Jul 2020 — An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users. Se detectó un problema en Joomla! versiones hasta el 3.9.19. • https://developer.joomla.org/security-centre/821-20200704-core-variable-tampering-via-user-table-class.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 4%CPEs: 1EXPL: 0CVE-2020-15696
https://notcve.org/view.php?id=CVE-2020-15696
15 Jul 2020 — An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image. Se detectó un problema en Joomla! versiones hasta el 3.9.19. • https://developer.joomla.org/security-centre/822-20200705-core-escape-mod-random-image-link.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15695
https://notcve.org/view.php?id=CVE-2020-15695
15 Jul 2020 — An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability. Se detectó un problema en Joomla! versiones hasta el 3.9.19. • https://developer.joomla.org/security-centre/820-20200703-core-csrf-in-com-privacy-remove-request-feature.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2020-13760
https://notcve.org/view.php?id=CVE-2020-13760
02 Jun 2020 — In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. En Joomla! versiones anteriores a 3.9.19, la falta de comprobaciones de token en com_postinstall conlleva a un ataque de tipo CSRF. • https://developer.joomla.org/security-centre/817-20200605-core-csrf-in-com-postinstall • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-13761
https://notcve.org/view.php?id=CVE-2020-13761
02 Jun 2020 — In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS. En Joomla! versiones anteriores a 3.9.19, la falta de comprobación de entrada en la opción heading tag de los módulos "Articles - Newsflash" y "Articles - Categories" permite un ataque de tipo XSS. • https://developer.joomla.org/security-centre/813-20200601-core-xss-in-modules-heading-tag-option • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13762
https://notcve.org/view.php?id=CVE-2020-13762
02 Jun 2020 — In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. En Joomla! versiones anteriores a 3.9.19, una comprobación de entrada incorrecta de la opción module tag en com_modules permite un ataque de tipo XSS. • https://developer.joomla.org/security-centre/815-20200603-core-xss-in-com-modules-tag-options • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •