22 matches found
BIT-JOOMLA-2026-48905 Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Lack of input filtering leads to an XSS vector in the HTML filter code...
BIT-JOOMLA-2026-48903 Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
CVE-2026-48903 Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
CVE-2026-48903
CVE-2026-48903 concerns the Joomla Framework, where the underlying issue is "inadequate content filtering within the checkAttribute methods" that leads to cross-site scripting (XSS) vulnerabilities across multiple components. The affected vector is the checkAttribute/filter code paths in the fram...
CVE-2026-48905 Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Lack of input filtering leads to an XSS vector in the HTML filter code...
CVE-2026-48905
The CVE-2026-48905 entry describes a vulnerability in the Joomla! Framework related to the cleanAttributes filter code, where inadequate input filtering creates an XSS vector in the HTML filtering path. According to the available metrics, it has a CVSS 4.0 base score of 6.9 (Medium) with impact ...
Joomla! Cross-Site Scripting Vulnerability
Joomla! is a free, open-source content management system developed by the Joomla! Foundation. The Joomla! Framework has a cross-site scripting vulnerability, which stems from insufficient content filtering in the checkAttribute method. This vulnerability exposes various components to cross-site...
Exploit for CVE-2026-21627
CVE-2026-21627---Tassos-Novarai...
EUVD-2022-5653
Malicious code in bioql PyPI...
BIT-JOOMLA-2025-25226 [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package
Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in questio...
GHSA-44V2-PRCF-PC3M Joomla Framework Database Package Vulnerable to SQL Injection
Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in questio...
Joomla Framework Database Package Vulnerable to SQL Injection
Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in questio...
CVE-2025-25226 [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package
Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch and therefore the vulnerability in questio...
CVE-2025-25226
CVE-2025-25226 affects Joomla Framework’s Database package: the quoteNameStr protected method may allow SQL injection if a subclass invokes it. Original 2.x/3.x packages show no direct usages of the method, so exploitation in the base class is not possible, but subclasses extending the affected c...
Framework Session package Arbitrary Code Execution Vulnerability
Joomla! Framework is a PHP framework for web applications developed by the U.S. Open Source Matters team; Session is one of its packages, used for the session layer. A security vulnerability exists in the Joomla! Framework Session package 1.x versions prior to 1.3.1. A remote...
CVE-2015-8566
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values...
Session fixation
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values...