CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-3058
https://notcve.org/view.php?id=CVE-2013-3058
03 May 2013 — Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores sin especificar. • http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-3059
https://notcve.org/view.php?id=CVE-2013-3059
03 May 2013 — Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin Voting en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores sin especificar. • http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 3CVE-2013-3242 – Joomla! 3.0.3 - 'remember.php' PHP Object Injection
https://notcve.org/view.php?id=CVE-2013-3242
03 May 2013 — plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors. plugins/system/remember/remember.php en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4 no controla correctamente un objeto obtenido por la "serialización" de una cookie, lo que permite a los usuarios r... • https://www.exploit-db.com/exploits/25087 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-3267
https://notcve.org/view.php?id=CVE-2013-3267
03 May 2013 — Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin highlighter en Joomla! v2.5.x anterior a v2.5.10 y v3.0.x anterior a v3.0.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 2CVE-2013-1453 – Joomla! 3.0.2 - 'highlight.php' PHP Object Injection
https://notcve.org/view.php?id=CVE-2013-1453
13 Feb 2013 — plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. El archivo plugins/system/highlight/highlight.... • https://www.exploit-db.com/exploits/24551 •