CVE-2019-12765
- EPSS 10.49%
- Veröffentlicht 11.06.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:23:31
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
CVE-2019-12766
- EPSS 0.92%
- Veröffentlicht 11.06.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:23:32
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
CVE-2019-11809
- EPSS 0.79%
- Veröffentlicht 20.05.2019 13:29:04
- Zuletzt bearbeitet 21.11.2024 04:21:48
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
CVE-2019-11831
- EPSS 5.59%
- Veröffentlicht 09.05.2019 04:29:01
- Zuletzt bearbeitet 21.11.2024 04:21:50
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/b...
CVE-2019-11358
- EPSS 87.22%
- Veröffentlicht 20.04.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:56
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...
CVE-2019-10945
- EPSS 38.02%
- Veröffentlicht 10.04.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:12
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
CVE-2019-10946
- EPSS 1.1%
- Veröffentlicht 10.04.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:12
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
CVE-2019-9711
- EPSS 0.75%
- Veröffentlicht 12.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:09
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.
CVE-2019-9712
- EPSS 0.75%
- Veröffentlicht 12.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:09
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.
CVE-2019-9713
- EPSS 1.69%
- Veröffentlicht 12.03.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:09
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.