CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7742
https://notcve.org/view.php?id=CVE-2019-7742
12 Feb 2019 — An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. Una combinación de configuraciones específicas del servidor web, junto con tipos de archivo concretos y el rastreo de tipo MIME del lado del servidor, provoca un vector de ataque XSS. • https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 180EXPL: 0CVE-2017-11364
https://notcve.org/view.php?id=CVE-2017-11364
02 Aug 2017 — The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. El instalador CMS en versiones anteriores a la 3.7.4 de Joomla! no verifica la propiedad de un usuario en un espacio web, lo que permite que usuarios remotos autenticados consigan control sobre la aplicación objetivo, haciendo uso de los logs del estándar Certificate Transparency. • http://www.securitytracker.com/id/1039015 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 2%CPEs: 2EXPL: 3CVE-2012-1018 – Joomla! Component Currency Converter 1.0.0 - 'from' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-1018
08 Feb 2012 — Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en includes/convert.php en el módulo D-Mack Media Currency Converter (mod_currencyconverter) v1.0.0 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del ... • https://www.exploit-db.com/exploits/36659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-4927 – Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4927
09 Oct 2011 — SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php. Vulnerabilidad de inyección SQL en el componente Restaurant Guide (com_restaurantguide) v1.0.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción "country" sobre index.php. • https://www.exploit-db.com/exploits/15040 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 2%CPEs: 2EXPL: 3CVE-2010-4928 – Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4928
09 Oct 2011 — Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Restaurant Guide (com_restaurantguide) v1.0.0 para Joomla!, permite a atacantes remotos inyectar secuencias de comandos web o HTML situándolo después del caracter > (mayor que) • https://www.exploit-db.com/exploits/15040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2011-0511 – Joomla! Component allCineVid 1.0.0 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2011-0511
20 Jan 2011 — SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. Vulnerabilidad de inyección SQL en team.php en el componente allCineVid (com_allcinevid) v1.0.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en index.php • https://www.exploit-db.com/exploits/16010 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 3CVE-2011-0005 – Joomla! 1.0.x - 'ordering' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0005
11 Jan 2011 — Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo com_search de Joomla! 1.0.x hasta la 1.0.15. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parámetro ordering de index.php. • https://www.exploit-db.com/exploits/35167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-4638 – Joomla! Component JQuarks4s 1.0.0 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-4638
30 Dec 2010 — SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. Vulnerabilidad de inyección SQL en la función submitSurvey de controller.php del componente JQuarks4s (com_jquarks4s) 1.0.0 de Joomla!. Si magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL d... • https://www.exploit-db.com/exploits/15466 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 1%CPEs: 10EXPL: 4CVE-2010-2507 – Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2507
28 Jun 2010 — Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Picasa2Gallery (com_picasa2gallery) v1.2.8 y anteriores para Joomla!, permite a atacantes remotos leer ficheros locales de su elección y posiblemente otras acciones con impacto desconocido... • https://www.exploit-db.com/exploits/13981 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 4%CPEs: 2EXPL: 3CVE-2010-2464 – Joomla! Component RSComments 1.0.0 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2464
25 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados ( XSS) en el componente RSComments (com_rscomments) v1.0.0 Rev 2 para Joomla! permite a atacantes remotos inyectar código web o HTML de su elección a través de los parámetros (1) website y (2) name e... • https://www.exploit-db.com/exploits/13935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •