CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2012-0822
https://notcve.org/view.php?id=CVE-2012-0822
Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820. a vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Joomla! v1.6 y v1.7.x anterior a v1.7.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente a CVE-2012 a 0820 • http://developer.joomla.org/security/news/385-20120104-core-xss-vulnerability http://secunia.com/advisories/47753 http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html http://www.joomla.org/announcements/release-news/5405-joomla-174-released.html http://www.openwall.com/lists/oss-security/2012/01/25/1 http://www.openwall.com/lists/oss-security/2012/01/26/2 http://www.openwall.com/lists/oss-security/2012/01/26/4 http://www.openwall.com/lists/oss- • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 112EXPL: 0CVE-2012-3554
https://notcve.org/view.php?id=CVE-2012-3554
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anterior a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 http://joomlacode.org/gf/project/rsgallery2/news http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0CVE-2012-4071
https://notcve.org/view.php?id=CVE-2012-4071
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo RSGallery2 (com_rsgallery2) anterior a v2.3.0 para Joomla! v1.5.x, y anteriores a v3.2.0 para Joomla! • http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip http://joomlacode.org/gf/project/rsgallery2/news http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2011-4332
https://notcve.org/view.php?id=CVE-2011-4332
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v1.6.3 y anteriores, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://developer.joomla.org/security/news/349-20110601-xss-vulnerabilities.html http://seclists.org/fulldisclosure/2011/Nov/142 http://www.mavitunasecurity.com/xss-vulnerability-in-joomla-163 http://www.openwall.com/lists/oss-security/2011/11/21/29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2011-3747
https://notcve.org/view.php?id=CVE-2011-3747
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php. Joomla! v1.6.0 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con libraries/phpmailer/language/phpmailer.lang-joomla.php. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/joomla-1.6.0 http://www.openwall.com/lists/oss-security/2011/06/27/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •