Lucene search
K

25 matches found

Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-45038

Summary modules/registration.php mode send login regenerates a random password for user uuid assigned, stores its bcrypt hash in adm users.usr password, and emails the cleartext to that user. Every other state-changing mode in the same file assign member, assign user, delete user, create user cal...

5.2CVSS5.7AI score0.00015EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.13 views

PT-2026-24803

CVE-2026-31954 Emlog is an open source website building system. In 2.6.6 and earlier, the delete async action asynchronous delete lacks a call to LoginAuth::checkToken, enabling… https://t.co/jGjg6aBhCJ...

5.8AI score0.0015EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 3:50 p.m.5 views

CVE-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...

6.8CVSS6.9AI score0.00594EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:47 p.m.7 views

CVE-2020-15695

An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of comprivacy causes a CSRF vulnerability...

6.8CVSS6.8AI score0.00594EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:21 a.m.6 views

CVE-2019-18650

An issue was discovered in Joomla! before 3.9.13. A missing token check in comtemplate causes a CSRF vulnerability...

8.8CVSS6.8AI score0.00452EPSS
Exploits0References1
OSV
OSV
added 2025/04/03 2:15 p.m.9 views

BIT-JOOMLA-2023-23750 [20230101] - Core - CSRF within post-installation messages

An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages...

6.3CVSS6.2AI score0.0023EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 2:13 p.m.6 views

BIT-JOOMLA-2021-26033 [20210502] - Core - CSRF in AJAX reordering endpoint

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...

6.5CVSS6.4AI score0.00604EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 2:10 p.m.6 views

BIT-JOOMLA-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...

6.8CVSS7.1AI score0.00594EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 2:10 p.m.5 views

BIT-JOOMLA-2020-15695

An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of comprivacy causes a CSRF vulnerability...

6.8CVSS6.6AI score0.00594EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.6 views

Joomla! 跨站请求伪造漏洞

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! versions 4.0.0 through 4.2.6, which stems from a missing token check. An attacker can exploit this vulnerability to perform cross-site request forgery attacks...

6.3CVSS6.3AI score0.0023EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/11/22 4:15 p.m.2 views

CVE-2021-43559

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk...

8.8CVSS6.8AI score0.00607EPSS
Exploits0References3
CNVD
CNVD
added 2021/05/27 12:0 a.m.4 views

Joomla! cross-site request forgery vulnerability (CNVD-2021-38296)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in combanners and comsysinfo in...

6.5CVSS6.6AI score0.00604EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/27 12:0 a.m.9 views

Joomla! cross-site request forgery vulnerability (CNVD-2021-38295)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in the AJAX reordering endpoint...

6.5CVSS6.6AI score0.00604EPSS
Exploits0References1
Prion
Prion
added 2021/05/26 11:15 a.m.27 views

Cross site request forgery (csrf)

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...

4.3CVSS6.4AI score0.00604EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/05/26 12:0 a.m.38 views

Joomla! 3.x < 3.9.27 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.27. It is, therefore, affected by multiple vulnerabilities. - HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. CVE-2021-26032...

6.5CVSS6.1AI score0.0098EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.6 views

Joomla! 跨站请求伪造漏洞

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in the AJAX reordering endpoint...

6.5CVSS5.4AI score0.00604EPSS
Exploits0References3
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/05/07 12:0 a.m.49 views

[20210502] - Core - CSRF in AJAX reordering endpoint

A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...

6.5CVSS3.3AI score0.00604EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/07/15 4:15 p.m.24 views

CVE-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...

6.8CVSS0.00594EPSS
Exploits0References1
Prion
Prion
added 2020/07/15 4:15 p.m.18 views

Cross site request forgery (csrf)

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...

6.8CVSS6.3AI score0.00594EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/07/15 12:0 a.m.5 views

PT-2020-14590 · Open Source Matters · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.9.19 and earlier Description: A missing token check in the remove request section of com privacy causes a CSRF issue. Recommendations: For versions 3.9.19 and earlier, update to a version that includes the fix for the missi...

6.8CVSS7.3AI score0.00594EPSS
Exploits0References6
Rows per page
Query Builder