18 matches found
CVE-2026-30894
Lack of output escaping leads to a XSS vector in the content history component...
BIT-JOOMLA-2026-30894 Joomla! Core - [20260503] - XSS in com_contenthistory
Lack of output escaping leads to a XSS vector in the content history component...
CVE-2026-30894 Joomla! Core - [20260503] - XSS in com_contenthistory
Lack of output escaping leads to a XSS vector in the content history component...
CVE-2026-30894
CVE-2026-30894 affects Joomla! Core – com_contenthistory. The issue arises from lack of output escaping in the content history component, enabling a XSS vector. CVSS4.0 metrics indicate: Network attack vector, Low attack complexity, High privileges required, Passive user interaction; base score 6...
EUVD-2026-31872
Lack of output escaping leads to a XSS vector in the content history component...
PT-2026-43289
Name of the Vulnerable Software and Affected Versions: Joomla CMS (affected versions not specified). Description: Lack of output escaping in the content history component allows for a Cross-Site Scripting (XSS) vector. XSS is a flaw where an attacker injects malicious scripts into content that is then...
Joomla! CMS cross-site scripting vulnerability
Joomla! CMS is a content management system developed under the open source Joomla! framework. Joomla! CMS has a cross-site scripting vulnerability, which stems from the lack of output escaping. This vulnerability may lead to cross-site scripting attacks within the content history component of the...
Exposure of Private Personal Information to an Unauthorized Actor
Overview: Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the /revisions endpoint, which exposes the full revision history of deleted content to unauthenticated attackers. Remediation: Upgrade...
GHSA-5W5R-8XC6-2XHW Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...
PT-2026-6207
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.7.1; github.com/apache/answer versions prior to 2.0.0. Description: An issue exists in Apache Answer where an unauthenticated API endpoint incorrectly exposes the full revision history of deleted content. This...
SQL injection vulnerability in the Content History module of Joomla 3.x <= 3.4.4
No description provided by source...
Joomla Content History SQL Injection Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Joomla Content History SQLi Remote Code Execution", 'Description' = %q This module exploits a SQL injection vulnerability found in...
Joomla Sqli vulnerability analysis-vulnerability warning-the black bar safety net
A vulnerability analysis of the vulnerability trigger code, which is located at /administrator/components/com_contenthistory/models/history.php, in the getListQuery function: Through the SQL and the error message, you can know that our injected payload is inserted into the red box part. Follow the...
Joomla! com_contenthistory component information disclosure vulnerability
Joomla! is an open source content management system (CMS). An information disclosure vulnerability exists in the Joomla! com_contenthistory component, which can be exploited by remote attackers to obtain sensitive information...
Joomla Content History SQLi Remote Code Execution
This module exploits a SQL injection vulnerability found in Joomla versions 3.2 up to 3.4.4. The vulnerability exists in the Content History administrator component in the core of Joomla. Triggering the SQL injection makes it possible to retrieve active Super User sessions. The cookie can be used...