CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-9922
https://notcve.org/view.php?id=CVE-2019-9922
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. Se ha descubierto un fallo en el componente "Harmis JE Messenger" para Joomla! en su versión 1.2.2. Un salto de directorio permite el acceso de lectura en archivos arbitrarios. • https://extensions.joomla.org/extension/je-messenger https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9922.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9921
https://notcve.org/view.php?id=CVE-2019-9921
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. Se ha descubierto un fallo en el componente "Harmis JE Messenger" para Joomla! en su versión 1.2.2. Es posible leer información que solamente debería ser accesible a un usuario diferente. • https://extensions.joomla.org/extension/je-messenger https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9921.md • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9920
https://notcve.org/view.php?id=CVE-2019-9920
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. Se ha descubierto un fallo en el componente "Harmis JE Messenger" para Joomla! en su versión 1.2.2. Es posible realizar una acción dentro del contexto de la cuenta de otro usuario. • https://extensions.joomla.org/extension/je-messenger https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9920.md •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9919
https://notcve.org/view.php?id=CVE-2019-9919
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. Se ha descubierto un fallo en el componente "Harmis JE Messenger" para Joomla! en su versión 1.2.2. Es posible manipular los mensajes de modo que el código JavaScript se ejecute en el lado del usuario receptor cuando dicho mensaje se abra. • https://extensions.joomla.org/extension/je-messenger https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9919.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9918
https://notcve.org/view.php?id=CVE-2019-9918
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. Se ha descubierto un fallo en el componente "Harmis JE Messenger" para Joomla! en su versión 1.2.2. • https://extensions.joomla.org/extension/je-messenger https://github.com/azd-cert/CVE/blob/master/CVEs/CVE-2019-9918.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •