2 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Lyftenbloggie v1.1.0 (com_lyftenbloggie) para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la etiqueta los parámetros (1) tag y (2) category a index.php. • http://packetstormsecurity.org/files/view/96761/joomlalyftenbloggie-xss.txt http://secunia.com/advisories/42677 http://www.securityfocus.com/bid/45468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php. Vulnerabilidad de inyección SQL en el componente Lyften Designs LyftenBloggie (com_lyftenbloggie) v1.0.4 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro author en index.php. • https://www.exploit-db.com/exploits/10238 http://osvdb.org/60518 http://secunia.com/advisories/37499 http://securityreason.com/exploitalert/7480 http://www.securityfocus.com/bid/37140 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •