Joomla Security Vulnerabilities


CVE-2011-4830

Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka...

5.4 AI Score

0.001 EPSS

2022-10-03 04:15 PM
29

CVE-2011-4332

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified...

5.9 AI Score

0.006 EPSS

2022-10-03 04:15 PM
33

CVE-2011-4910

Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the...

5.9 AI Score

0.005 EPSS

2022-10-03 04:15 PM
25

CVE-2011-4808

SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to...

8.7 AI Score

0.001 EPSS

2022-10-03 04:15 PM
24

CVE-2011-4809

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7)....

5.9 AI Score

0.003 EPSS

2022-10-03 04:15 PM
22

CVE-2011-4909

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3)...

5.9 AI Score

0.006 EPSS

2022-10-03 04:15 PM
20

CVE-2011-4911

Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified...

6.8 AI Score

0.004 EPSS

2022-10-03 04:15 PM
21

CVE-2011-5113

SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid...

8.7 AI Score

0.001 EPSS

2022-10-03 04:15 PM
21

CVE-2011-5134

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE:...

7.5 AI Score

0.004 EPSS

2022-10-03 04:15 PM
20

CVE-2011-5112

SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to...

8.7 AI Score

0.009 EPSS

2022-10-03 04:15 PM
20

CVE-2011-3747

Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by...

6.3 AI Score

0.004 EPSS

2022-10-03 04:15 PM
25

CVE-2013-3058

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.7 AI Score

0.037 EPSS

2022-10-03 04:14 PM
23

CVE-2013-3719

Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.9 AI Score

0.001 EPSS

2022-10-03 04:14 PM
17

CVE-2013-3267

Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.8 AI Score

0.037 EPSS

2022-10-03 04:14 PM
29

CVE-2013-3059

Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.8 AI Score

0.037 EPSS

2022-10-03 04:14 PM
28

CVE-2013-3057

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified...

6.5 AI Score

0.001 EPSS

2022-10-03 04:14 PM
29

CVE-2013-3056

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified...

6.5 AI Score

0.01 EPSS

2022-10-03 04:14 PM
30

CVE-2008-0846

SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid...

8.4 AI Score

0.001 EPSS

2022-10-03 04:14 PM
18

CVE-2010-1434

Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are...

7.5 CVSS

7.6 AI Score

0.002 EPSS

2021-06-21 11:15 PM
38
6

CVE-2010-1433

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2021-06-21 11:15 PM
45
8

CVE-2010-1435

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from...

9.8 CVSS

9.9 AI Score

0.002 EPSS

2021-06-21 11:15 PM
53
2

CVE-2010-1432

Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are...

7.5 CVSS

7.2 AI Score

0.002 EPSS

2021-06-21 11:15 PM
36
4

CVE-2020-24599

An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2020-08-26 10:15 PM
31

CVE-2020-24598

An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2020-08-26 10:15 PM
28

CVE-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF...

6.3 CVSS

6.3 AI Score

0.001 EPSS

2020-07-15 04:15 PM
19

CVE-2020-15699

An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2020-07-15 04:15 PM
30

CVE-2020-15697

An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by...

4.3 CVSS

4.7 AI Score

0.001 EPSS

2020-07-15 04:15 PM
32

CVE-2020-15696

An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in...

6.1 CVSS

5.8 AI Score

0.001 EPSS

2020-07-15 04:15 PM
32

CVE-2020-15695

An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF...

6.3 CVSS

6.2 AI Score

0.001 EPSS

2020-07-15 04:15 PM
33

CVE-2020-15698

An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2020-07-15 04:15 PM
33

CVE-2020-13761

In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2020-06-02 08:15 PM
54

CVE-2020-13762

In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2020-06-02 08:15 PM
48

CVE-2020-13763

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2020-06-02 08:15 PM
51

CVE-2020-13760

In Joomla! before 3.9.19, missing token checks in com_postinstall lead to...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2020-06-02 08:15 PM
52

CVE-2020-11891

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-04-21 05:15 PM
46

CVE-2020-11890

An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL...

5.3 CVSS

5 AI Score

0.001 EPSS

2020-04-21 05:15 PM
42

CVE-2020-11889

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-04-21 05:15 PM
35

CVE-2020-10238

An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2020-03-16 04:15 PM
43

CVE-2020-10241

An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2020-03-16 04:15 PM
36

CVE-2020-10240

An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2020-03-16 04:15 PM
30

CVE-2020-10239

An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2020-03-16 04:15 PM
58

CVE-2020-10243

An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2020-03-16 04:15 PM
55

CVE-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2020-03-16 04:15 PM
33

CVE-2011-4908

TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via...

9.8 CVSS

9.5 AI Score

0.613 EPSS

2020-02-12 10:15 PM
48

CVE-2011-4906

Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code...

9.8 CVSS

9.7 AI Score

0.089 EPSS

2020-02-12 09:15 PM
46

CVE-2011-1151

Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir...

9.1 CVSS

9.5 AI Score

0.003 EPSS

2020-02-05 10:15 PM
47

CVE-2011-4912

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout...

5.3 CVSS

5.4 AI Score

0.001 EPSS

2020-02-04 02:15 PM
23

CVE-2011-4937

Joomla! 1.7.1 has core information disclosure due to inadequate error...

7.5 CVSS

7.2 AI Score

0.002 EPSS

2020-02-04 01:15 PM
21

CVE-2011-3629

Joomla! core 1.7.1 allows information disclosure due to weak...

7.5 CVSS

7.2 AI Score

0.002 EPSS

2020-02-04 01:15 PM
27

CVE-2020-8420

An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2020-01-28 09:15 PM
55
4
Total number of security vulnerabilities: 924