
CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Jul 2020 — An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability. • https://developer.joomla.org/security-centre/820-20200703-core-csrf-in-com-privacy-remove-request-feature.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 12 | EXPL: 0

02 Jun 2020 — In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. • https://developer.joomla.org/security-centre/817-20200605-core-csrf-in-com-postinstall • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 5 | EXPL: 0

02 Jun 2020 — In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS. • https://developer.joomla.org/security-centre/813-20200601-core-xss-in-modules-heading-tag-option • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 Jun 2020 — In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. • https://developer.joomla.org/security-centre/815-20200603-core-xss-in-com-modules-tag-options • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

02 Jun 2020 — In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. • https://developer.joomla.org/security-centre/814-20200602-core-inconsistent-default-textfilter-settings • CWE-281: Improper Preservation of Permissions

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Apr 2020 — An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. • https://developer.joomla.org/security-centre/809-20200401-core-incorrect-access-control-in-com-users-access-level-editing-function.html

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Apr 2020 — An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups. • https://developer.joomla.org/security-centre/811-20200403-core-incorrect-access-control-in-com-users-access-level-deletion-function

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Apr 2020 — An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. • https://github.com/HoangKien1020/CVE-2020-11890 • CWE-20: Improper Input Validation

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. • https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. • https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')