CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 2CVE-2012-2413 – Joomla 1.5.26 ja_purity Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-2413
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. Vulnerabilidad de XSS en la plantilla ja_purity para Joomla! 1.5.26 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro Mod* cookie en html/modules.php. Joomla version 1.5.26 suffers from a cross site scripting vulnerability in the ja_purity template. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0021.html http://www.securityfocus.com/bid/53382 http://www.waraxe.us/advisory-87.html https://exchange.xforce.ibmcloud.com/vulnerabilities/75398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0CVE-2011-4321
https://notcve.org/view.php?id=CVE-2011-4321
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. La funcionalidad de reinicialización de contraseña en Joomla! v1.5.x hasta v1.5.24 utiliza números aleatorios débiles, lo que hace más sencillo para atacantes remotos cambiar las contraseñas de usuarios de su elección a través de vectores no especificados. • http://developer.joomla.org/security/news/9-security/10-core-security/375-20111103-core-password-change http://www.openwall.com/lists/oss-security/2011/11/21/1 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 2CVE-2011-2710
https://notcve.org/view.php?id=CVE-2011-2710
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! before v1.7.0, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de(1) la URI sobre includes/application.php, accesible desde index.php; y, cuando de usa Internet Explorer o Konqueror, (2) permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro searchword en una acción search sobre index.php en el componente com_search. • http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html http://www.openwall.com/lists/oss-security/2011/07/22/1 http://www.openwall.com/lists/oss-security/2011/07/22/5 http://www.openwall.com/lists/oss-security/2011/10/16/1 http://www.openwall.com/lists/oss-security/2011/11/21/27 http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-rc%5D_cross_site_scripting%28XSS%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 1CVE-2011-2889
https://notcve.org/view.php?id=CVE-2011-2889
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488. templates/sistema/error.php en Joomla! anterior a v1.5.23 podría permitir a atacantes remotos obtener información sensible a través de vectores no especificados que provocan un valor indefinido de un campo de error concreto, lo que lleva a la divulgación de la ruta de instalación. NOTA: esto podría superponerse a CVE-2011-2488. • http://developer.joomla.org/security/news/9-security/10-core-security/340-20110401-core-information-disclosure.html http://www.joomla.org/announcements/release-news/5367-joomla-1523-released.html http://www.openwall.com/lists/oss-security/2011/07/01/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/68883 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 25EXPL: 1CVE-2011-2890
https://notcve.org/view.php?id=CVE-2011-2890
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488. La clase MediaViewMedia en administrator/components/com_media/opiniones/media/view.html.php en Joomla! v1.5.23 y anteriores permite a atacantes remotos obtener información sensible a través de vectores que implican la variable base, lo que lleva a la divulgación de la ruta de instalación, una vulnerabilidad diferente a CVE-2011-2488. • http://www.openwall.com/lists/oss-security/2011/07/01/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/68882 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •