2 matches found
CVE-2021-26034
CVE-2021-26034 concerns Joomla! versions 3.0.0–3.9.26, where a missing CSRF token check in data download endpoints of the components com_banners and com_sysinfo enables cross-site request forgery. The issue is rooted in insufficient request validation, allowing unauthorized cross-origin actions v...
Joomla! 3.x < 3.9.27 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.27. It is, therefore, affected by multiple vulnerabilities. - HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. CVE-2021-26032...