Lucene search
K

68 matches found

CNVD
CNVD
added 2018/06/27 12:0 a.m.3 views

Joomla! cross-site scripting vulnerability (CNVD-2018-17882)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A reflective cross-site scripting vulnerability exists in the language switching...

6.1CVSS6.8AI score0.01413EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/06/27 12:0 a.m.28 views

Joomla 'Language Switcher' Module XSS Vulnerability (20180602)

Joomla is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

6.1CVSS6.7AI score0.01413EPSS
Exploits0References1
OSV
OSV
added 2018/06/26 7:29 p.m.10 views

CVE-2018-12711

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the...

6.1CVSS6.2AI score
Exploits0References3
Prion
Prion
added 2018/06/26 7:29 p.m.18 views

Cross site scripting

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the...

4.3CVSS6.1AI score0.01413EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/06/26 7:29 p.m.10 views

CVE-2018-12711

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the...

6.1CVSS6.1AI score0.01413EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/06/26 7:0 p.m.23 views

CVE-2018-12711

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the...

6.2AI score0.01413EPSS
Exploits0References3
Veracode
Veracode
added 2018/05/17 9:51 a.m.23 views

Open Redirect

Drupal is vulnerable to open redirects. A malicious user can inject a malicious link to the application through the language switcher, which can then be used to cause open redirects...

4.7CVSS5.6AI score0.01196EPSS
Exploits0References3Affected Software2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/05/07 12:0 a.m.30 views

[20180602] - Core - XSS vulnerability in language switcher module

In some cases the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page url...

6.1CVSS7.3AI score0.01413EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/03/01 11:29 p.m.4 views

UBUNTU-CVE-2017-6932

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...

4.7CVSS6.5AI score0.01196EPSS
Exploits0References3
Prion
Prion
added 2018/03/01 11:29 p.m.19 views

Design/Logic Flaw

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...

5.8CVSS5.2AI score0.01196EPSS
Exploits0References3Affected Software2
UbuntuCve
UbuntuCve
added 2018/03/01 11:29 p.m.27 views

CVE-2017-6932

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...

5.8CVSS6.6AI score0.01196EPSS
Exploits0References2
NVD
NVD
added 2018/03/01 11:29 p.m.16 views

CVE-2017-6932

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...

5.8CVSS4.9AI score0.01196EPSS
Exploits0References3
OSV
OSV
added 2018/03/01 11:29 p.m.18 views

CVE-2017-6932

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...

4.7CVSS5.2AI score
Exploits0References3
Cvelist
Cvelist
added 2018/03/01 10:0 p.m.24 views

CVE-2017-6932

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...

5.5AI score0.01196EPSS
Exploits0References3
NVD
NVD
added 2015/07/06 3:59 p.m.13 views

CVE-2014-9737

Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block...

5.8CVSS6.7AI score0.01191EPSS
Exploits0References3
Prion
Prion
added 2015/07/06 3:59 p.m.14 views

Open redirect

Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block...

5.8CVSS7.1AI score0.01191EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/07/06 2:55 p.m.40 views

CVE-2014-9737

Open redirect in Drupal Language Switcher Dropdown module (7.x-1.x) prior to 7.x-1.4. The module does not validate the redirect URL in the block, allowing attackers to redirect users to arbitrary sites and facilitate phishing. Affected: Drupal 7.x-1.x versions before 7.x-1.4. Mitigation: upgrade ...

5.8CVSS6.9AI score0.01191EPSS
Exploits0References3Affected Software1
Drupal
Drupal
added 2014/01/22 12:0 a.m.20 views

SA-CONTRIB-2014-006 - Language Switcher Dropdown - Open Redirect

The Language Switcher Dropdown module enables you to place a block with a convenient drop-down language switcher. After choosing a value the user is redirected to the url of the relevant language. The module doesn't check that the url provided is a valid internal path prior to redirecting. CVE...

5.8CVSS6.4AI score0.01191EPSS
Exploits0References10
NVD
NVD
added 2012/10/31 4:55 p.m.17 views

CVE-2012-4532

Cross-site scripting XSS vulnerability in modules/modlanguages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php. NOTE: some of these details are obtained from third party...

4.3CVSS5.8AI score0.01379EPSS
Exploits1References7
Prion
Prion
added 2012/10/31 4:55 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in modules/modlanguages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php. NOTE: some of these details are obtained from third party...

4.3CVSS6.2AI score0.01379EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder