CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10243
https://notcve.org/view.php?id=CVE-2020-10243
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10242
https://notcve.org/view.php?id=CVE-2020-10242
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10240
https://notcve.org/view.php?id=CVE-2020-10240
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-10238
https://notcve.org/view.php?id=CVE-2020-10238
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://github.com/HoangKien1020/CVE-2020-10238 https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8419
https://notcve.org/view.php?id=CVE-2020-8419
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. Se detectó un problema en Joomla! versiones anteriores a 3.9.15. • https://developer.joomla.org/security-centre/798-20200101-core-csrf-in-batch-actions • CWE-352: Cross-Site Request Forgery (CSRF) •