Lucene search
K
JoomlaMost viewed

725 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/01/01 12:0 a.m.78 views

[20190602] - Core - XSS in subform field

The subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors...

6.1CVSS3.5AI score0.00922EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/03/13 12:0 a.m.77 views

[20200401] - Core - Incorrect access control in com_users access level editing function

Incorrect ACL checks in the access level section of comusers allow the unauthorized editing of usergroups...

5.3CVSS5.4AI score0.00795EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/08/28 12:0 a.m.77 views

[20190901] - Core - XSS in logo parameter of default templates

Inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

6.1CVSS5.8AI score0.00671EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/09/24 12:0 a.m.76 views

[20140904] - Core - Denial of Service

Inadequate checking allowed the potential for a denial of service attack...

5CVSS6.2AI score0.01319EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/08/04 12:0 a.m.75 views

Extplorer, 2.1.9 and previous, Directory Traversal

Extplorer, 2.1.9, Directory Traversal cve: CVE-2016-4313 resolution: update to 2.1.10 update notice: http://extplorer.net/news/21...

7.8CVSS1.9AI score0.08679EPSS
Exploits5References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/02/28 12:0 a.m.74 views

Joomla! Pinterest Clone Social Pinboard,2.0,SQL Injection

Joomla! Pinterest Clone Social Pinboard from apptha.com, 2.0, multiple SQL Injection vulnerabilities...

9.8CVSS3.2AI score0.02703EPSS
Exploits5Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/06/22 12:0 a.m.69 views

[20210705] - Core - XSS in com_media imagelist

Inadequate escaping in the imagelist view of commedia leads to a XSS vulnerability...

6.1CVSS1.4AI score0.00877EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/03/13 12:0 a.m.69 views

[20190401] - Core - Directory Traversal in com_media

The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory...

9.8CVSS9.1AI score0.38018EPSS
Exploits7Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/04/17 12:0 a.m.69 views

[20130407] - Core - XSS Vulnerability

Inadequate filtering leads to XSS vulnerability in highlighter plugin...

4.3CVSS5.5AI score0.01366EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/04/11 12:0 a.m.68 views

Visforms Base Package for Joomla!, 4, SQL Injection

Project: Visforms für Joomla 3 Extension: comvisforms Impact: Critical Severity: High Probability: Unkonwn Versions: 3.8.0 - 3.14.10 Exploit type: SQL Injection Reported Date: 2023-04-16 Fixed Date: 2023-04-19 CVE Number: CVE-2023-23753 Description An improper use of input filter allows...

9.8CVSS9.9AI score0.00798EPSS
Exploits1References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/04/09 12:0 a.m.68 views

[20190801] - Core - Hardening com_contact contact form

Inadequate checks in comcontact could allowed mail submission in disabled forms...

5.3CVSS1.5AI score0.00975EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/14 12:0 a.m.66 views

[20231101] - Core - Exposure of environment variables

Joomla! CMS versions 1.6.0-4.4.0, 5.0.0...

7.5CVSS7.1AI score0.00811EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/12/30 7:59 p.m.66 views

[20161205] - PHPMailer Security Advisory

All versions of the third-party PHPMailer library distributed with Joomla! versions up to 3.6.5 are vulnerable to a remote code execution vulnerability. This is patched in PHPMailer 5.2.20 which will be included with Joomla! 3.7. After analysis, the JSST has determined that through correct use of...

9.8CVSS2.9AI score0.99714EPSS
Exploits59Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/05/08 12:0 a.m.64 views

[20200605] - Core - CSRF in com_postinstall

Missing token checks in compostinstall cause CSRF vulnerabilities...

8.8CVSS2.6AI score0.00677EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/02/21 12:0 a.m.64 views

ZH GoogleMap, 8.4.0.0, SQL Injection

ZH GoogleMap from zhuk.cc, versions 8.4.0.0 and previous, SQL Injection Resolution: update to 8.4.1.0 Update notice: http://zhuk.cc/2018/02/21/zh-googlemap-security-update-2/...

9.8CVSS2.2AI score0.02759EPSS
Exploits5References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/10/10 12:0 a.m.63 views

[20191001] - Core - CSRF in com_template overrides view

A missing token check in comtemplate causes a CSRF vulnerability...

8.8CVSS8.4AI score0.00452EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/05/11 12:0 a.m.63 views

[20170501] - Core - SQL Injection

Inadequate filtering of request data leads to a SQL Injection vulnerability...

9.8CVSS2.1AI score0.99826EPSS
Exploits21Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/02/13 12:0 a.m.62 views

[20230201] - Core - Improper access check in webservice endpoints

Joomla! CMS versions 4.0.0-4.2.7...

5.3CVSS5.9AI score0.99827EPSS
Exploits43Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/03/09 12:0 a.m.61 views

[20200306] - Core - SQL injection in Featured Articles menu parameters

The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype...

9.8CVSS4.1AI score0.02042EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/02/28 12:0 a.m.61 views

[20200305] - Core - Incorrect Access Control in com_fields SQL field

Incorrect Access Control in the SQL fieldtype of comfields allows access for non-superadmin users...

8.8CVSS5.1AI score0.02655EPSS
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/02/28 12:0 a.m.61 views

OS Property, 3.12.8, SQL Injection

OS Property from Joomdonation.com, 3.12.8 and previous, SQL Injection resolution: update to 3.12.9 note that previous security release 3.12.8 did not completely fix the issue update notice: https://www.joomdonation.com/forum/os-property/61368-os-property-3-12-9-released-security-issue-fixed.html...

9.8CVSS1AI score0.02018EPSS
Exploits5References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/01 12:0 a.m.60 views

[20170407] - Core - ACL Violations

Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden...

6.5CVSS6.4AI score0.00981EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/10/26 12:0 a.m.59 views

[20161003] - Core - Account Modifications

Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments...

9.8CVSS9.2AI score0.02047EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/12/15 12:0 a.m.59 views

[20151207] - Core - SQL Injection

Inadequate filtering of request data leads to a SQL Injection vulnerability...

7.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/02/27 12:0 a.m.58 views

[20200402] - Core - Missing checks for the root usergroup in usergroup table

Inproper input validations in the usergroup table class could lead to a broken ACL configuration...

5.3CVSS2.1AI score0.02761EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/02/24 12:0 a.m.58 views

[20200302] - Core - XSS in Protostar and Beez3

Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allow XSS attacks...

6.1CVSS3.6AI score0.0096EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/05/29 12:0 a.m.57 views

[20210701] - Core - XSS in JForm Rules field

Inadequate escaping in the Rules field of the JForm API leads to a XSS vulnerability...

6.1CVSS1.4AI score0.00877EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/02/06 12:0 a.m.56 views

[20200301] - Core - CSRF in com_templates image actions

Missing token checks in the image actions of comtemplates causes CSRF vulnerabilities...

8.8CVSS3.6AI score0.00677EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/02/26 12:0 a.m.56 views

Saxum Numerology, 3.0.4, SQL Injection

Saxum Numerology, versions 3.0.4 and previous, SQL Injection...

9.8CVSS4.3AI score0.02703EPSS
Exploits5References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/12/15 12:0 a.m.56 views

[20151206] - Core - Session Hardening

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 Note...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/08/21 12:0 a.m.55 views

[20200801] - Core - XSS in mod_latestactions

Lack of escaping in modlatestactions allows XSS attacks...

6.1CVSS2.7AI score0.01162EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/02/02 12:0 a.m.55 views

[20200803] - Core - Directory traversal in com_media

Lack of input validation allows commedia root paths outside of the webroot...

4.8AI score
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/09/24 12:0 a.m.55 views

[20190202] - Core - Browserside mime-type sniffing causes XSS attack vectors

A combination of specific webserver configurations, in connection with specific file types and browserside mime-type sniffing causes a XSS attack vector...

6.1CVSS6.2AI score0.00793EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/06/20 12:0 a.m.55 views

BK MultiThumb [multithumb], 3.7.1 and below, XSS (Cross Site Scripting)

BK-MultiThumb, 3.7.1 and below, XSS Cross Site Scripting Extension contains known vulnerable version of JS library prettyPhoto. The vulnerability in JS file was patched by extension author on basis of 3.1.5 file. Update notice: http://joomla.rjews.net/bk-multithumb...

6.2AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/06/06 12:0 a.m.54 views

[20210704] - Core - Privilege escalation through com_installer

Install action in cominstaller lack the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system is not affected cause by default cominstaller is limited to super users already...

7.5CVSS3.9AI score0.01209EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/05/06 12:0 a.m.54 views

[20200601] - Core - XSS in modules heading tag option

Lack of input validation in the heading tag option of the "Articles – Newsflash" and "Articles - Categories" modules allow XSS attacks...

6.1CVSS2.6AI score0.0096EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/12/01 12:0 a.m.52 views

[20191202] - Core - Various SQL injections through configuration parameters

The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors...

9.8CVSS9.7AI score0.01686EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2009/07/21 12:0 a.m.52 views

[20090722] - Core - Missing JEXEC Check

Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2009/02/15 12:0 a.m.52 views

[20090301] - Core - Multiple XSS/CSRF

A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include comadmin, commedia, comsearch. Both comadmin and comsearch contain XSS vulnerabilities, and commedia contains 2 CSRF vulnerabilities...

6.4AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/04/23 12:0 a.m.51 views

[20200602] - Core - Inconsistent default textfilter settings

The default settings of the global "textfilter" configuration doesn't block HTML inputs for 'Guest' users. With 3.9.19, the textfilter for new installations has been set to 'No HTML' for the groups 'Public', 'Guest' and 'Registered'...

7.5CVSS8AI score0.01227EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/02/22 12:0 a.m.51 views

JSP Tickets, 1.1, SQL Injection

JSP Tickets from Joomla Service Provider, versions 1.1 and previous, SQL Injection Resolution: update to version 1.2.0 Update notice: http://www.joomlaserviceprovider.com/jspblog/jsp-tickets-1-2-security-release.html...

9.8CVSS3AI score0.02703EPSS
Exploits5References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/18 12:0 a.m.51 views

OrdaSoft CCK,2.0.4,SQL Injection

OrdaSoft CCK, 2.0.4, SQL Injection Resolution: update to 2.0.5 Update notice: http://ordasoft.com/News/News/os-cck-content-construction-kit-for-joomla-security-update.html...

0.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/03/05 12:0 a.m.50 views

[20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload

HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors...

6.1CVSS2.9AI score0.0098EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/03/13 12:0 a.m.50 views

[20200403] - Core - Incorrect access control in com_users access level deletion function

Incorrect ACL checks in the access level section of comusers allow the unauthorized deletion of usergroups...

5.3CVSS3.5AI score0.0076EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/02/08 12:0 a.m.50 views

[20210703] - Core - Lack of enforced session termination

Various CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked...

5.3CVSS2.3AI score0.01005EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/08/20 12:0 a.m.49 views

[20210801] - Core - Insufficient access control for com_media deletion endpoint

The media manager does not correctly check the user's permissions before executing a file deletion command...

9.1CVSS8.7AI score0.00918EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/05/07 12:0 a.m.49 views

[20210503] - Core - CSRF in data download endpoints

A missing token check causes a CSRF vulnerability in data download endpoints in combanners and comsysinfo...

6.5CVSS3.2AI score0.00604EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/02/21 12:0 a.m.49 views

Zh BaiduMap, 3.0.0.1, SQL Injection

Zh BaiduMap by zhuk.cc, versions 3.0.0.1 and previous, SQL Injection resolution: update to 3.0.1.0 update notice: http://zhuk.cc/2018/02/21/zh-baidumap-security-update/...

9.8CVSS1.6AI score0.58324EPSS
Exploits5References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/05/07 12:0 a.m.48 views

[20210502] - Core - CSRF in AJAX reordering endpoint

A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...

6.5CVSS3.3AI score0.00604EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/03/13 12:0 a.m.48 views

[20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users

The "refresh list of helpsites" endpoint of comusers lacks access checks, allowing calls from unauthenticated users...

7.5CVSS8.6AI score0.01101EPSS
Exploits0Affected Software1
Total number of security vulnerabilities725