24 matches found
EUVD-2017-18843
Malware in sbrugna...
Joomla! 3.x < 3.10.17 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.17, 4.x prior to 4.4.7 or 5.x prior to 5.1.3. It is, therefore, affected by multiple vulnerabilities. - The stripImages and stripIframes methods didn't properly process inputs,...
[20240702] - Core - Self-XSS in fancyselect list field layout
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
[20240204] - Core - XSS in mail address outputs
Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components...
[20230502] - Core - Bruteforce prevention within the mfa screen
Joomla! CMS versions 4.2.0-4.3.1...
Joomla! CMS Cross-Site Scripting (CVE-2018-6377)
A cross-site scripting vulnerability exists in Joomla! Core. Successful exploitation results in the execution of arbitrary script code in the target user's browser...
[20221101] - Core - RXSS through reflection of user input in com_media
Joomla! CMS versions 4.0.0-4.2.4...
Joomla! Cross-site scripting vulnerability (CNVD-2022-64103)
Joomla! is a set of forum components used in the Joomla! content management system. 4.0.0 to 4.1.0 versions of Joomla! have a cross-site scripting vulnerability that stems from a filter that incorrectly cleans up and escapes the content in the code, which can be exploited by attackers to execute...
CVE-2012-1562
Joomla! core before 2.5.3 allows unauthorized password change...
Open redirect
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1...
CVE-2015-5608
CVE-2015-5608 affects Joomla! CMS 3.0.0 through 3.4.1 and is an open redirect vulnerability. The issue stems from inadequate validation of script parameters/return value, enabling redirection to an arbitrary external site when a user follows a crafted link. Exploitation details aren’t provided in...
CVE-2017-9934
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability...
Input validation
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents...
CVE-2017-9934
CVE-2017-9934 is a Joomla! XSS vulnerability described as missing CSRF token checks and improper input validation, affecting Joomla! versions 1.7.3 through 3.7.2. The connected records corroborate an XSS flaw arising from input validation issues (notably in the context of multibyte input) and ref...
CVE-2016-9836
The file scanning mechanism of JFilterInput::isFileSafe in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally,...
CVE-2016-9836
CVE-2016-9836 affects Joomla! CMS versions up to 3.6.4 (self-reported). The file scanning in JFilterInput::isFileSafe() fails to consider alternative PHP extensions (e.g., .php6, .php7, .phtml, .phpt) when validating uploaded files, enabling execution of uploaded PHP content. Additionally, JHelpe...
CVE-2014-7982
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-7983
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...