CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/26 5:16 p.m.•9 views

CVE-2026-40384

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

7.5CVSS0.00445EPSS

CVE•added 2026/05/26 4:45 p.m.•13 views

CVE-2026-40384

CVE-2026-40384 affects Joomla! Core — com_media webservice endpoint. The issue is improper validation of the search parameter in the com_media files API, enabling path traversal. Documented across NVD, CVE records, and security feeds; impact described as path traversal with high confidentiality i...

7.5CVSS5.8AI score0.00445EPSS

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-12862

Malware in sbrugna...

6.1CVSS6.1AI score0.00877EPSS

OSV•added 2025/04/03 2:15 p.m.•2 views

BIT-JOOMLA-2022-27914 [20221101] - Core - RXSS through reflection of user input in com_media

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...

6.1CVSS6.2AI score0.00455EPSS

OSV•added 2025/04/03 2:15 p.m.•6 views

BIT-JOOMLA-2022-23801 [20220309] - Core - XSS attack vector through SVG

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in commedia...

6.1CVSS6.1AI score0.00565EPSS

OSV•added 2025/04/03 2:12 p.m.•9 views

BIT-JOOMLA-2021-23132 [20210306] - Core - com_media allowed paths that are not intended for image uploads

An issue was discovered in Joomla! 3.0.0 through 3.9.24. commedia allowed paths that are not intended for image uploads...

7.5CVSS7.5AI score0.06529EPSS

Exploits2References2

OpenVAS•added 2022/11/10 12:0 a.m.•10 views

Joomla! 4.0.0 - 4.2.4 XSS Vulnerability

Joomla! is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

6.1CVSS5.7AI score0.00455EPSS

NVD•added 2022/11/08 7:15 p.m.•11 views

CVE-2022-27914

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...

6.1CVSS0.00455EPSS

OSV•added 2022/11/08 7:15 p.m.•15 views

CVE-2022-27914

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...

6.1CVSS6.2AI score

Prion•added 2022/11/08 7:15 p.m.•14 views

Cross site scripting

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...

5.8CVSS6.1AI score0.00455EPSS

CVE•added 2022/11/08 6:50 p.m.•125 views

CVE-2022-27914

CVE-2022-27914 affects Joomla! 4.0.0 through 4.2.4. The issue is a reflected XSS in com_media caused by inadequate filtering of user input. Impact is reflected XSS with low confidentiality/integrity impact and no availability impact per CVSS. Remediation: upgrade to Joomla! 4.2.5 or later (per ex...

6.1CVSS6.2AI score0.00455EPSS

Vulnrichment•added 2022/11/08 6:50 p.m.•15 views

CVE-2022-27914 [20221101] - Core - RXSS through reflection of user input in com_media

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...

6.2AI score0.00455EPSS

Cvelist•added 2022/11/08 6:50 p.m.•16 views

CVE-2022-27914 [20221101] - Core - RXSS through reflection of user input in com_media

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...

6.3AI score0.00455EPSS

ATTACKERKB•added 2022/11/08 6:0 p.m.•1 views

CVE-2022-27914

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...

6.1CVSS6.3AI score0.00455EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2022/11/08 12:0 a.m.•26 views

Joomla 4.0.x < 4.2.5 Joomla 4.2.5 Security and Bug Fix release (5873-joomla-4-2-5-security-and-bug-fix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.2.5. It is, therefore, affected by a vulnerability. - Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia.. CVE-2022-27914...

6.1CVSS6.1AI score0.00455EPSS

Exploits0References3

Joomla! Vulnerable Extensions List•added 2022/10/28 12:0 a.m.•26 views

[20221101] - Core - RXSS through reflection of user input in com_media

Joomla! CMS versions 4.0.0-4.2.4...

6.1CVSS3.7AI score0.00455EPSS

Exploits0Affected Software1

NVD•added 2022/03/30 4:15 p.m.•11 views

CVE-2022-23801

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in commedia...

6.1CVSS0.00565EPSS

OSV•added 2022/03/30 4:15 p.m.•19 views

CVE-2022-23801

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in commedia...

6.1CVSS5.9AI score

CVE•added 2022/03/30 3:20 p.m.•125 views

CVE-2022-23801

Joomla! 4.0.0–4.1.0 is affected by a cross-site scripting (XSS) vulnerability via an SVG embedding path in com_media. Root cause: improper handling/cleanup of SVG content leading to executable HTML/script in the user’s browser. Public references describe a possible XSS attack vector through SVGs,...

6.1CVSS6.2AI score0.00565EPSS