BIT-JOOMLA-2021-23123 [20210101] - Core - com_modules exposes module names

An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of commodules leak names of unpublished and/or inaccessible modules...

Joomla 3.0.x < 3.9.24 Multiple Vulnerabilities (5830-joomla-3-9-24)

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.9.24. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of...

Joomla! 3.0.0 - 3.9.23 ACL Vulnerability

Joomla! is prone to an ACL vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla"; ifdescription...

CVE-2021-23123

An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of commodules leak names of unpublished and/or inaccessible modules...

CVE-2021-23123

An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of commodules leak names of unpublished and/or inaccessible modules...

Design/Logic Flaw

An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of commodules leak names of unpublished and/or inaccessible modules...

CVE-2021-23123 [20210101] - Core - com_modules exposes module names

An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of commodules leak names of unpublished and/or inaccessible modules...

[20210101] - Core - com_modules exposes module names

Lack of ACL checks in the orderPosition endpoint of commodules leak names of unpublished and/or inaccessible modules...

Joomla! cross-site scripting vulnerability (CNVD-2020-53799)

Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. A cross-site scripting vulnerability exists in the tagging option of commodules in versions of Joomla! prior to 3.9.19. The vulnerability stems from...

CVE-2020-13762

CVE-2020-13762 affects Joomla! versions before 3.9.19, where incorrect input validation of the module tag option in com_modules enables cross-site scripting (XSS). The issue is confirmed in multiple later datasets referencing Joomla! 3.9.19 as the fixed version. Affected component: com_modules mo...

CVE-2020-13762

In Joomla! before 3.9.19, incorrect input validation of the module tag option in commodules allows XSS...

[20200603] - Core - XSS in com_modules tag options

Incorrect input validation of the module tag option in commodules allow XSS attacks...