CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7741
https://notcve.org/view.php?id=CVE-2019-7741
12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. Las comprobaciones incorrectas de las opciones de la URL de ayuda "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • https://developer.joomla.org/security-centre/768-20190204-core-stored-xss-issue-in-the-global-configuration-help-url-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7744
https://notcve.org/view.php?id=CVE-2019-7744
12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. El filtrado inadecuado de los campos de URL en varios componentes core podría conducir a una vulnerabilidad XSS. • https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-7743
https://notcve.org/view.php?id=CVE-2019-7743
12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. El wrapper de transmisión phar:// puede emplearse para ataques de inyección de objetos debido a que no existe un mecanismo de protección (como el wrapper de transmisión PHAR T... • http://www.securityfocus.com/bid/107050 • CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7742
https://notcve.org/view.php?id=CVE-2019-7742
12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. Una combinación de configuraciones específicas del servidor web, junto con tipos de archivo concretos y el rastreo de tipo MIME del lado del servidor, provoca un vector de ataque XSS. • https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7740
https://notcve.org/view.php?id=CVE-2019-7740
12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. El manejo inadecuado de parámetros en el código JavaScript (writeDynaList en core.js) podría conducir a un vector de ataque XSS. • https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6261
https://notcve.org/view.php?id=CVE-2019-6261
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. El escapado incorrecto en com_contact conduce a una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/106638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6262
https://notcve.org/view.php?id=CVE-2019-6262
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. Las comprobaciones incorrectas de las opciones de la URL de ayuda "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/106638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2019-6263 – Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
https://notcve.org/view.php?id=CVE-2019-6263
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. Las comprobaciones incorrectas de las opciones del filtrado de texto "Global Configuration" permitían Cross-Site Scripting (XSS) persistente. • https://packetstorm.news/files/id/151234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6264
https://notcve.org/view.php?id=CVE-2019-6264
16 Jan 2019 — An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. Se ha descubierto un problema en versiones anteriores a la 3.9.2 de Joomla!. El escapado incorrecto en mod_banners conduce a una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/106638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17859
https://notcve.org/view.php?id=CVE-2018-17859
09 Oct 2018 — An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 •