2 matches found
CVE-2021-26033 [20210502] - Core - CSRF in AJAX reordering endpoint
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...
Joomla! 3.x < 3.9.27 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.27. It is, therefore, affected by multiple vulnerabilities. - HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. CVE-2021-26032...