CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 2CVE-2009-1938 – Joomla! < 1.5.11 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1938
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Joomla! v.1.5.x hasta la v1.5.10. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque no especificados relacionados con la salida de la base de datos y el panel de administración de "frontend". • https://www.exploit-db.com/exploits/33022 http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html http://secunia.com/advisories/35278 http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html http://www.osvdb.org/54868 http://www.securityfocus.com/bid/35189 http://www.vupen.com/english/advisories/2009/1497 https://exchange.xforce.ibmcloud.com/vulnerabilities/50923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0CVE-2008-6299
https://notcve.org/view.php?id=CVE-2008-6299
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Joomla! v1.5.7 y anteriores, permite a usuarios autentificados remotos inyectar una secuencia de comandos web o HTML a través de (1) los parámetros "title" y "descripción" en el módulo com_weblinks y (2) vectores no especificados cen el modulo com_content relativo a "article submission.". • http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html http://secunia.com/advisories/32622 http://www.joomla.org/announcements/release-news/5219-joomla-158-released.html http://www.securityfocus.com/bid/32263 http://www.vupen.com/english/advisories/2008/3104 https://exchange.xforce.ibmcloud.com/vulnerabilities/46523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •