Joomla Security Vulnerabilities

CVE-2024-32788

Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress. This issue affects FG Joomla to WordPress: from n/a through...

5.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-04-24 08:15 AM
26

CVE-2024-21722

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been...

7.2 AI Score

0.0004 EPSS

2024-02-29 01:44 AM
2034

CVE-2024-21723

Inadequate parsing of URLs could result in an open...

7.1 AI Score

0.001 EPSS

2024-02-29 01:44 AM
1971

CVE-2024-21725

Inadequate escaping of mail addresses leads to XSS vulnerabilities in various...

6.4 AI Score

0.0004 EPSS

2024-02-29 01:44 AM
2011

CVE-2024-21724

Inadequate input validation for media selection fields leads to XSS vulnerabilities in various...

6.4 AI Score

0.0004 EPSS

2024-02-29 01:44 AM
1570

CVE-2024-21726

Inadequate content filtering leads to XSS vulnerabilities in various...

6.5 AI Score

0.0004 EPSS

2024-02-29 01:44 AM
1988

CVE-2024-24837

Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0;....

4.3 CVSS

7.1 AI Score

0.0004 EPSS

2024-02-21 08:15 AM
78

CVE-2024-21728

An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla frontend integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return...

7.2 AI Score

0.001 EPSS

2024-02-15 09:15 PM
49

CVE-2024-21727

XSS vulnerability in DP Calendar component for...

6.4 AI Score

0.0004 EPSS

2024-02-15 07:15 AM
51

CVE-2023-49708

SQLi vulnerability in Starshop component for...

9.8 CVSS

7.4 AI Score

0.001 EPSS

2023-12-14 09:15 AM
13

CVE-2023-49707

SQLi vulnerability in S5 Register module for...

9.8 CVSS

7.4 AI Score

0.001 EPSS

2023-12-14 09:15 AM
13

CVE-2023-40627

A reflected XSS vulnerability was discovered in the LivingWord component for...

6.1 CVSS

6.4 AI Score

0.0005 EPSS

2023-12-14 09:15 AM
12

CVE-2023-40656

A reflected XSS vulnerability was discovered in the Quickform component for...

6.1 CVSS

6.4 AI Score

0.0005 EPSS

2023-12-14 09:15 AM
14

CVE-2023-40657

A reflected XSS vulnerability was discovered in the Joomdoc component for...

6.1 CVSS

6.4 AI Score

0.0005 EPSS

2023-12-14 09:15 AM
8

CVE-2023-40629

SQLi vulnerability in LMS Lite component for...

9.8 CVSS

7.4 AI Score

0.001 EPSS

2023-12-14 09:15 AM
17

CVE-2023-40658

A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for...

6.1 CVSS

6.4 AI Score

0.0005 EPSS

2023-12-14 09:15 AM
11

CVE-2023-40628

A reflected XSS vulnerability was discovered in the Extplorer component for...

6.1 CVSS

6.4 AI Score

0.0005 EPSS

2023-12-14 09:15 AM
8

CVE-2023-40630

Unauthenticated LFI/SSRF in JCDashboards component for...

9.8 CVSS

7.4 AI Score

0.001 EPSS

2023-12-14 09:15 AM
9

CVE-2023-40655

A reflected XSS vulnerability was discovered in the Proforms Basic component for...

6.1 CVSS

6.4 AI Score

0.0005 EPSS

2023-12-14 09:15 AM
13

CVE-2023-40659

A reflected XSS vulnerability was discovered in the Easy Quick Contact module for...

6.1 CVSS

6.4 AI Score

0.0005 EPSS

2023-12-14 09:15 AM
14

CVE-2023-40626

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2023-11-29 01:15 PM
82

CVE-2023-39974

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific...

5.3 CVSS

5.2 AI Score

0.0005 EPSS

2023-08-17 09:15 PM
24

CVE-2023-39972

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing...

4.3 CVSS

4.6 AI Score

0.0004 EPSS

2023-08-17 09:15 PM
28

CVE-2023-39970

Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2023-08-17 09:15 PM
50

CVE-2023-39971

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla:...

6.1 CVSS

6.3 AI Score

0.0005 EPSS

2023-08-17 09:15 PM
24

CVE-2023-39973

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from...

4.3 CVSS

4.7 AI Score

0.0004 EPSS

2023-08-17 09:15 PM
24

CVE-2023-34476

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2023-08-07 05:15 PM
18

CVE-2023-34477

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2023-08-07 05:15 PM
9

CVE-2023-38044

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2023-08-07 05:15 PM
19

CVE-2023-38045

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script...

6.1 CVSS

6 AI Score

0.0005 EPSS

2023-08-07 05:15 PM
14

CVE-2023-23758

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2023-08-07 05:15 PM
10

CVE-2023-23757

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2023-08-07 05:15 PM
26

CVE-2023-23756

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script...

6.1 CVSS

6 AI Score

0.0005 EPSS

2023-07-11 08:15 PM
15

CVE-2023-23754

An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2023-05-30 05:15 PM
29

CVE-2023-23755

An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-05-30 05:15 PM
74

CVE-2023-23753

The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on...

9.8 CVSS

9.6 AI Score

0.001 EPSS

2023-04-23 09:15 PM
40

CVE-2023-28732

Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-03-30 12:15 PM
16

CVE-2023-28731

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below...

9.8 CVSS

9.6 AI Score

0.004 EPSS

2023-03-30 12:15 PM
20

CVE-2023-28733

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2023-03-30 12:15 PM
16

CVE-2023-23752

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice...

5.3 CVSS

5.2 AI Score

0.932 EPSS

2023-02-16 05:15 PM
187
In Wild

CVE-2023-23750

An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation...

6.3 CVSS

6.3 AI Score

0.001 EPSS

2023-02-01 10:15 PM
34

CVE-2023-23751

An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access...

4.3 CVSS

4.5 AI Score

0.001 EPSS

2023-02-01 10:15 PM
23

CVE-2022-27914

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in...

6.1 CVSS

6.1 AI Score

0.002 EPSS

2022-11-08 07:15 PM
33
4

CVE-2022-27913

An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various...

6.1 CVSS

6.1 AI Score

0.002 EPSS

2022-10-25 07:15 PM
38
6

CVE-2022-27912

An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2022-10-25 07:15 PM
40
6

CVE-2022-27911

An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2022-08-31 10:15 AM
72
9

CVE-2022-23795

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2022-03-30 04:15 PM
69

CVE-2022-23801

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in...

6.1 CVSS

5.9 AI Score

0.003 EPSS

2022-03-30 04:15 PM
79

CVE-2022-23800

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various...

6.1 CVSS

6 AI Score

0.003 EPSS

2022-03-30 04:15 PM
64

CVE-2022-23796

An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using...

6.1 CVSS

5.9 AI Score

0.002 EPSS

2022-03-30 04:15 PM
78
Total number of security vulnerabilities: 375