Page 8 of 40 results (0.008 seconds)

CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en el Back End en Joomla! v1.5.x anterior a 1.5.20, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través de las pantallas de administración. • http://developer.joomla.org/security/news/318-20100704-core-xss-vulnerabilitis-in-back-end.html http://www.ocert.org/advisories/ocert-2010-002.html http://www.openwall.com/lists/oss-security/2010/07/20/2 http://www.openwall.com/lists/oss-security/2010/07/21/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el backend de Joomla! v1.5 a v1.5.17 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores desconocidos relacionados con "varias pantallas de administrador". Posiblemente se trate del parámetro de búsqueda en administrator/index.php. • http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29 http://secunia.com/advisories/39964 http://www.osvdb.org/65011 http://www.securityfocus.com/bid/40444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. Joomla! versiones anteriores a v1.5.15 permite a atacantes remotos leer el fichero XML de una extensión, y de ese modo obtener el número de versión de la extensión, mediante una petición directa. • http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html http://secunia.com/advisories/37262 http://www.osvdb.org/59800 https://exchange.xforce.ibmcloud.com/vulnerabilities/54160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0

Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. Vulnerabilidad no especificada en el Front-End Editor del componente com_content en Joomla! versiones anteriores a v1.5.15 permite a usuarios autenticados remotamente, con privilegios "Author", reemplazar los artículos de un usuario de su elección mediante vectores desconocidos. • http://developer.joomla.org/security/news/305-20091103-core-front-end-editor-issue-.html http://osvdb.org/59801 http://secunia.com/advisories/37262 https://exchange.xforce.ibmcloud.com/vulnerabilities/54161 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php. Vulnerabilidad de inyección SQL en el componente para Joomla! foobla Suggestions (com_foobla_suggestions) v1.5.11 permite a atacantes remotos ejecutar comandos SQL a través del parámetro idea_id a index.php. • https://www.exploit-db.com/exploits/9697 http://www.exploit-db.com/exploits/9697 http://www.securityfocus.com/bid/36425 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •