➠ CVE-2022-27913 | Joomla up to 4.2.3 cross site scripting
A vulnerability has been found in Joomla up to 4.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-27913. The attack can be launched remotely. There is no exploit available....
➤ Similar posts for 'CVE-2022-27913 | Joomla up to 4.2.3 cross site scripting'
[20220301] - Core - Zip Slip within the Tar extractor
1393.01 points
Extracting a specifically crafted tar package could write files outside of the intended path. [CVE-2022-23793]
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
Joo
[20220306] - Core - Inadequate validation of internal URLs
1393.01 points
Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not [CVE-2022-23798].
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
[20210703] Lack of enforced session termination
1263.1 points
Various CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
[20210704] Privilege escalation through com_installer
1263.1 points
The install action in com_installer lacked the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system wasn't affected, because by default com_installer is already limited to super users.
This vulnerabi
[20210701] XSS in JForm Rules field
1263.1 points
Inadequate escaping in the Rules field of the JForm API led to an XSS vulnerability.
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
[20210503] CSRF in data download endpoints
1255.16 points
A missing token check caused a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
Joo
[20210402] Inadequate filters on module layout settings
1249.41 points
Inadequate filters on module layout settings could lead to an LFI (Local File Inclusion).
CVE Number: CVE-2021-26031
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
[20210309] Inadequate filtering of form contents could allow to overwrite the author field
1240.37 points
Inadequate filtering of form contents could allow the author field to be overwritten. The affected core components were com_fields, com_categories, com_banners, com_contact, com_newsfeeds and com_tags.
CVE-2021-26029
This vulnerability affects the follo
[20210307] ACL violation within com_content frontend editing
1240.37 points
Incorrect ACL checks could allow unauthorized change of the category for an article.
CVE-2021-26027
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
[20210306] com_media Allowed paths that were not intended for image uploads
1240.37 points
com_media allowed paths that were not intended for image uploads.
CVE-2021-23132
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.
[20201107] Write ACL violation in multiple core views
1223.38 points
Lack of input validation while handling ACL rulesets could cause write ACL violations.
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
Joo
[20200802] Open redirect in com_content vote feature
1207.49 points
Lack of input validation in com_content led to an open redirect.
This vulnerability affects the following application versions:
Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2