[20210401] - Core - Escape xss in logo parameter error pages
Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages...
[20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload
HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors...
[20220305] - Core - Inadequate filtering on the selected Ids
Inadequate filtering on the selected Ids in a request could result in a possible SQL injection...
[20220302] - Core - Path Disclosure within filesystem error messages
Uploading a file with an excessively long name causes an error. This error brings up a screen showing the path of the web application's source code...
[20210309] - Core - Inadequate filtering of form contents could allow overwriting the author field
Inadequate filtering of form contents could allow overwriting the author field. The affected core components are com_fields, com_categories, com_banners, com_contact, com_newsfeeds and com_tags...
[20210302] - Core - Potential Insecure FOFEncryptRandval
The core-shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. It has now been replaced with a call to "random_bytes" and its backport, which is shipped within random_compat...
[20210301] - Core - Insecure randomness within 2FA secret generation
Usage of the insecure rand function within the process of generating the 2FA secret. Usage of an insufficient length for the 2FA secret according to RFC 4226: 10 bytes vs 20 bytes...
[20210402] - Core - Inadequate filters on module layout settings
Inadequate filters on module layout settings could lead to an LFI...
RealPin by Frumania, SQL, 1.5.04
Name: RealPin. Old version 1.5.04 / new version 1.6.0. Update details: fixed risk of SQL injection. Update URL: https://realpin.frumania.com/...
JomSocial, 4.7.6, XSS (Cross Site Scripting)
JomSocial, 4.7.6, XSS (Cross Site Scripting) investigation...
publisher, 3.0.19, XSS (Cross Site Scripting)
ijoomlapublisher, 3.0.19, XSS Cross Site Scripting...
[20210307] - Core - ACL violation within com_content frontend editing
Incorrect ACL checks could allow unauthorized change of the category for an article...
paGO Commerce, 2.5.9.0, SQL Injection
paGO Commerce, 2.5.9.0, SQL Injection...
[20201104] - Core - SQL injection in com_users list view
Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list...
[20201106] - Core - CSRF in com_privacy emailexport feature
A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability...
[20201103] - Core - Path traversal in mod_random_image
The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability...
[20201102] - Core - Disclosure of secrets in Global Configuration page
The global configuration page does not remove secrets from the HTML output, disclosing the current values...
[20220303] - Core - User rows are not bound to an authentication mechanism
A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover...
[20210308] - Core - Path Traversal within joomla/archive zip class
Extracting a specially crafted zip package could write files outside of the intended path...
[20210103] - Core - XSS in com_tags image parameters
Lack of escaping of image-related parameters in multiple com_tags views can lead to XSS attack vectors...
[20210102] - Core - XSS in mod_breadcrumbs aria-label attribute
Lack of escaping in the mod_breadcrumbs aria-label attribute allows XSS attacks...
[20200801] - Core - XSS in mod_latestactions
Lack of escaping in mod_latestactions allows XSS attacks...
[20201105] - Core - User Enumeration in backend login
Improper handling of the username leads to a user enumeration attack vector in the backend login page...
JCE Pro, 2.8.15, XSS
In 2.8.15 an important security update is included to prevent potential cross-site scripting attacks. https://www.joomlacontenteditor.net/news/jce-pro-2-8-15-released...
CMS2CMS Connector Extension, 2.00, permissions
CMS2CMS Connector Extension 2.00: update of the permission type created for the catalog file in 2.01...
JS Jobs, 1.3, SQL Injection
JS Jobs, 1.3, SQL Injection...
[20210101] - Core - com_modules exposes module names
Lack of ACL checks in the orderPosition endpoint of com_modules leaks the names of unpublished and/or inaccessible modules...
[20200802] - Core - Open redirect in com_content vote feature
Lack of input validation in com_content leads to an open redirect...
[20201101] - Core - com_finder ignores access levels on autosuggest
The autosuggestion feature of com_finder did not respect the access level of the corresponding terms...
[20200706] - Core - System Information screen could expose redis or proxy credentials
Inadequate filtering in the system information screen could expose redis or proxy credentials...
[20200705] - Core - Escape mod_random_image link
Lack of input filtering and escaping allows XSS attacks in mod_random_image...
[20200704] - Core - Variable tampering via user table class
Internal read-only fields in the User table class could be modified by users...
xcloner, 3.53, Other
xcloner, 3.53, Other. Developer statement: Today we have made available a new release — version 3.5.4 — for the unmaintained Joomla version of XCloner. Prior versions of XCloner for Joomla contained an Authenticated Local File Disclosure vulnerability that has been patched in the latest version. Any...
Ordasoft CCK, 6.1.12, Various
Ordasoft CCK, 6.1.12, Various, Other: new version number...
[20200605] - Core - CSRF in com_postinstall
Missing token checks in com_postinstall cause CSRF vulnerabilities...
[20210305] - Core - Input validation within the template manager
Missing input validation within the template manager...
[20210303] - Core - XSS within alert messages shown to users
Missing filtering of messages shown to users could lead to XSS issues...
[20200703] - Core - CSRF in com_privacy remove-request feature
A missing token check in the remove-request section of com_privacy causes a CSRF vulnerability...
[20200701] - Core - CSRF in com_installer ajax_install endpoint
A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability...
[20200603] - Core - XSS in com_modules tag options
Incorrect input validation of the module tag option in com_modules allows XSS attacks...
[20200601] - Core - XSS in modules heading tag option
Lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS attacks...
[20210304] - Core - XSS within the feed parser library
Missing filtering of feed fields could lead to XSS issues...
[20200602] - Core - Inconsistent default textfilter settings
The default settings of the global "textfilter" configuration doesn't block HTML inputs for 'Guest' users. With 3.9.19, the textfilter for new installations has been set to 'No HTML' for the groups 'Public', 'Guest' and 'Registered'...
[20200604] - Core - XSS in jQuery.htmlPrefilter
The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are "... security issues in jQuery’s DOM manipulation methods, as in .html, .append, and the others."...
[20200702] - Core - Missing checks can lead to a broken usergroups table record
Missing validation checks in the usergroups table object can result in a broken site configuration...
hwdplayer, 4.2, SQL Injection
hwdplayer, 4.2, SQL Injection. Possibly abandonware as well...
fabrik, 3.9, Various
fabrik, 3.9, Various Issues. NOTE: the earlier version number was a mistake by the reporter; new version number 3.9.1. Update notice URL: https://fabrikar.com/blog/87-fabrik-3-9-1-released...
GMapFP, 3.30, Other
GMapFP, 3.30, Other. Related to https://vel.joomla.org/resolved/1835-gmapfp-3-39f-xss-cross-site-scripting; new version number 3.55...
acymailing, 6.9.2, Other
acymailing, 6.9.2, Other. Update to version 6.9.2; the developer did not inform the VEL team...
[20200403] - Core - Incorrect access control in com_users access level deletion function
Incorrect ACL checks in the access level section of comusers allow the unauthorized deletion of usergroups...