6 matches found
PT-2025-25333 · Joomla · Jevents
Name of the Vulnerable Software and Affected Versions: JEvents component for Joomla versions prior to 3.6.88; JEvents component for Joomla versions prior to 3.6.82.1. Description: A SQL injection vulnerability in the JEvents component for Joomla was discovered, allowing unauthorized access to data...
CVE-2012-1612
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Vulnerabilities fixed in Joomla!
Joomla! has fixed vulnerabilities in the MultiFactor Authentication system of Joomla! CMS. An unauthenticated malicious party could exploit the vulnerabilities to launch a Cross-Site-Scripting (XSS) attack, or to use brute force to gain access to a user's account and...
Vulnerability fixed in Joomla! media manager
Joomla has fixed a vulnerability in the Joomla! media manager. Due to improper access control, a user could, without being authorized to do so, delete arbitrary content from the media directory. Joomla has released updates to fix the vulnerability in Joomla! 4.0.1. For more information, see...
PT-2020-11998 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.16. Description: The issue is related to inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript, which allows XSS attacks. Recommendations: For versions prior to 3.9.16, update to version 3.9.1...
PT-2019-12931 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.7. Description: An issue was discovered where the update server URL of com_joomlaupdate can be manipulated by non-Super-Admin users. Recommendations: For versions prior to 3.9.7, update to version 3.9.7 or later t...