CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35612 – [20201103] - Core - Path traversal in mod_random_image
https://notcve.org/view.php?id=CVE-2020-35612
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/830-20201103-core-path-traversal-in-mod-random-image.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35611 – [20201102] - Core - Disclosure of secrets in Global Configuration page
https://notcve.org/view.php?id=CVE-2020-35611
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35610 – [20201101] - Core - com_finder ignores access levels on autosuggest
https://notcve.org/view.php?id=CVE-2020-35610
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms. Se detectó un problema en Joomla! versiones 2.5.0 hasta 3.9.22. • https://developer.joomla.org/security-centre/828-20201101-core-com-finder-ignores-access-levels-on-autosuggest.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24598
https://notcve.org/view.php?id=CVE-2020-24598
An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. Se detectó un problema en Joomla! versiones anteriores a 3.9.21. • https://developer.joomla.org/security-centre/825-20200802-core-open-redirect-in-com-content-vote-feature • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24599
https://notcve.org/view.php?id=CVE-2020-24599
An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. Se detectó un problema en Joomla! versiones anteriores a 3.9.21. • https://developer.joomla.org/security-centre/824-20200801-core-xss-in-mod-latestactions • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •