CVE-2021-4226 – RSFirewall < 1.1.25 - IP Block Bypass
https://notcve.org/view.php?id=CVE-2021-4226
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented. The RSFirewall! • https://wpscan.com/vulnerability/c0ed80c8-ebbf-4ed9-b02f-31660097c352 • CWE-348: Use of Less Trusted Source
CVE-2010-2464 – Joomla! Component RSComments 1.0.0 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2464
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php. • https://www.exploit-db.com/exploits/13935 http://packetstormsecurity.org/1006-exploits/joomlarscomments-xss.txt http://secunia.com/advisories/40278 http://www.exploit-db.com/exploits/13935 http://www.rsjoomla.com/customer-support/documentations/96--general-overview-of-the-component/393-changelog.html http://www.securityfocus.com/bid/40977 https://exchange.xforce.ibmcloud.com/vulnerabilities/59578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')