24 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 3

SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. Vulnerabilidad de inyección SQL en componentes IXXO Cart Standalone anterior v3.9.6.1, y IXXO Cart para Joomla! v1.0.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent. • https://www.exploit-db.com/exploits/9276 http://secunia.com/advisories/36009 http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection http://www.exploit-db.com/exploits/9276 http://www.securityfocus.com/archive/1/505266/100/0/threaded http://www.securityfocus.com/bid/35810 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1

Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el panel panel administrador del componente com_users de Joomla! en las versiones v.1.5.x hasta la v1.5.10. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque no especificados. • http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html http://osvdb.org/54869 http://secunia.com/advisories/35278 http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html http://www.securityfocus.com/bid/35189 http://www.vupen.com/english/advisories/2009/1497 https://exchange.xforce.ibmcloud.com/vulnerabilities/50924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 2

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Joomla! v.1.5.x hasta la v1.5.10. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque no especificados relacionados con la salida de la base de datos y el panel de administración de "frontend". • https://www.exploit-db.com/exploits/33022 http://developer.joomla.org/security/news/297-20090602-core-frontend-xss.html http://secunia.com/advisories/35278 http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html http://www.osvdb.org/54868 http://www.securityfocus.com/bid/35189 http://www.vupen.com/english/advisories/2009/1497 https://exchange.xforce.ibmcloud.com/vulnerabilities/50923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 1

Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en plantilla JA_Purity para Joomla! v1.5.x hasta v1.5.10 permite a atacantes remotos inyectar HTML y secuencias de comandos web a través de vectores no especificados. • http://developer.joomla.org/security/news/296-20090602-core-japurity-xss.html http://osvdb.org/54870 http://secunia.com/advisories/35278 http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html http://www.securityfocus.com/bid/35189 http://www.vupen.com/english/advisories/2009/1497 https://exchange.xforce.ibmcloud.com/vulnerabilities/50922 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 14EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Joomla! v1.5 hasta 1.5.9, permite a atacantes remotos web script o HTML de su elección a través de vectores no especificados en los componentes (1) com_admin, (2) com_search cuando "Gather Search Statistics" está disponible y (3) la vista categoría en com_content. • http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html http://secunia.com/advisories/34551 http://www.securityfocus.com/bid/34360 https://exchange.xforce.ibmcloud.com/vulnerabilities/49654 https://exchange.xforce.ibmcloud.com/vulnerabilities/49655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •