Page 5 of 34 results (0.006 seconds)

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Joomla! anterior a 1.0.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante parámetros no especificados en (1) Módulo de Administración, (2) Ayuda de Administración y (3) Búsqueda. • http://secunia.com/advisories/21666 http://www.joomla.org/content/view/1841/78 http://www.joomla.org/content/view/1843/74 http://www.vupen.com/english/advisories/2006/3408 https://exchange.xforce.ibmcloud.com/vulnerabilities/28633 •

CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. Vulnerabilidad no especificada en com_content en Joomla! anterior 1.0.11, cuando esta asignado $mosConfig_hideEmail, permite a un atacante realizar tareas emailform y emailsend. • http://secunia.com/advisories/21666 http://www.joomla.org/content/view/1841/78 http://www.joomla.org/content/view/1843/74 http://www.vupen.com/english/advisories/2006/3408 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. Joomla! anterior a 1.0.11 no limita el acceso a la funcionabilidad Admin Popups, lo cual tiene un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/21666 http://www.joomla.org/content/view/1841/78 http://www.joomla.org/content/view/1843/74 http://www.vupen.com/english/advisories/2006/3408 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!. Joomla! anterior a 1.0.11 no desestablece variables adecuadamente cuando la información de entrada incluye un parámetro numérico con un valor correspondiente a una valor hash de un parámetro alfanumérico, lo cual permite a atacantes remotos tener impacto desconocido. • http://www.joomla.org/content/view/1841/78 http://www.vupen.com/english/advisories/2006/3408 • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Joomla! antes de 1.0.10 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de parámetros no especificados que involucran a (1) la función getUserStateFromRequest y los módulos (2) SEF y (3) com_messages. • http://secunia.com/advisories/20874 http://www.joomla.org/content/view/1510/74 http://www.joomla.org/content/view/1511/78 http://www.osvdb.org/26913 http://www.osvdb.org/26917 http://www.osvdb.org/26918 http://www.securityfocus.com/bid/18742 http://www.vupen.com/english/advisories/2006/2608 https://exchange.xforce.ibmcloud.com/vulnerabilities/27521 •