CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2010-2514
https://notcve.org/view.php?id=CVE-2010-2514
28 Jun 2010 — Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente JFaq (com_jfaq) v1.2 para Joomla!, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro question en una acción add2 sobre index.php. • http://osvdb.org/65694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2010-2515
https://notcve.org/view.php?id=CVE-2010-2515
28 Jun 2010 — Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de inyección SQL en index.php en el componente JFa... • http://osvdb.org/65695 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •