Joomla! Security Vulnerabilities - January


CVE-2023-23752

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

5.3 CVSS

5.5 AI Score

0.952 EPSS

2023-02-16 05:15 PM
201
In Wild

CVE-2023-23754

An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new MFA selection screen.

6.1 CVSS

6 AI Score

0.001 EPSS

2023-05-30 05:15 PM
36

CVE-2023-23755

An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-05-30 05:15 PM
81

CVE-2023-40626

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-11-29 01:15 PM
105

CVE-2024-21729

Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.

6.1 CVSS

6 AI Score

0.001 EPSS

2024-07-09 05:15 PM
30

CVE-2024-21730

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.

5.4 CVSS

6.5 AI Score

0.0004 EPSS

2024-07-09 05:15 PM
28

CVE-2024-21731

Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.

6.1 CVSS

5.8 AI Score

0.001 EPSS

2024-07-09 05:15 PM
26

CVE-2024-26278

The Custom Fields component does not correctly filter inputs, leading to an XSS vector.

6.1 CVSS

5.8 AI Score

0.001 EPSS

2024-07-09 05:15 PM
32

CVE-2024-26279

The wrapper extensions do not correctly validate inputs, leading to XSS vectors.

6.1 CVSS

5.7 AI Score

0.001 EPSS

2024-07-09 05:15 PM
29
Total number of security vulnerabilities: 259