An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new MFA selection screen.
CVSS: 6.1, AI Score: 6, EPSS: 0.001
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
CVSS: 7.5, AI Score: 7.4, EPSS: 0.001
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.
CVSS: 7.5, AI Score: 7.4, EPSS: 0.001
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
CVSS: 6.1, AI Score: 6, EPSS: 0.001
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.
CVSS: 5.4, AI Score: 6.5, EPSS: 0.0004
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
CVSS: 6.1, AI Score: 5.8, EPSS: 0.001
CVSS: 6.1, AI Score: 5.8, EPSS: 0.001
CVSS: 6.1, AI Score: 5.7, EPSS: 0.001