Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
JoomlaJoomla!

274 matches found

CVE
CVEadded 2012/09/06 7:55 p.m.38 views

CVE-2012-0819

Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.

5CVSS6.2AI score0.00016EPSS
CVE
CVEadded 2012/09/26 12:55 a.m.38 views

CVE-2012-1117

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00011EPSS
CVE
CVEadded 2020/01/15 1:15 p.m.38 views

CVE-2012-1562

Joomla! core before 2.5.3 allows unauthorized password change.

7.5CVSS7.6AI score0.00007EPSS
CVE
CVEadded 2012/12/03 9:55 p.m.38 views

CVE-2012-1599

Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.

5CVSS6.3AI score0.00451EPSS
CVE
CVEadded 2012/07/03 7:55 p.m.38 views

CVE-2012-2747

Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking."

7.5CVSS7AI score0.00067EPSS
CVE
CVEadded 2009/11/16 8:30 p.m.37 views

CVE-2009-3946

Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.

5CVSS6.6AI score0.00041EPSS
CVE
CVEadded 2010/06/08 12:30 a.m.37 views

CVE-2010-1649

Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.

4.3CVSS5.9AI score0.00031EPSS
CVE
CVEadded 2011/07/27 8:55 p.m.37 views

CVE-2011-2892

Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

4.3CVSS6.6AI score0.00017EPSS
CVE
CVEadded 2020/01/15 2:15 p.m.36 views

CVE-2011-4907

Joomla! 1.5x through 1.5.12: Missing JEXEC Check

5.3CVSS5.3AI score0.00007EPSS
CVE
CVEadded 2012/07/03 10:55 p.m.36 views

CVE-2012-3829

Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.

5CVSS6.8AI score0.00162EPSS
CVE
CVEadded 2014/10/08 7:55 p.m.36 views

CVE-2014-7983

Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.0003EPSS
CVE
CVEadded 2020/07/15 4:15 p.m.36 views

CVE-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.

6.8CVSS6.3AI score0.00006EPSS
CVE
CVEadded 2006/08/31 8:4 p.m.35 views

CVE-2006-4470

Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.

7.5CVSS7.2AI score0.00209EPSS
CVE
CVEadded 2008/12/19 5:30 p.m.35 views

CVE-2008-4122

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

7.5CVSS7.4AI score0.00018EPSS
CVE
CVEadded 2009/11/16 8:30 p.m.35 views

CVE-2009-3945

Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors.

5.5CVSS6.3AI score0.00032EPSS
CVE
CVEadded 2020/02/04 1:15 p.m.35 views

CVE-2011-4937

Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

7.5CVSS7.2AI score0.0001EPSS
CVE
CVEadded 2012/09/06 9:55 p.m.35 views

CVE-2012-1611

Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.

5CVSS6.1AI score0.00451EPSS
CVE
CVEadded 2010/10/05 6:0 p.m.34 views

CVE-2010-2535

Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.

3.5CVSS5.5AI score0.00019EPSS
CVE
CVEadded 2012/07/03 7:55 p.m.34 views

CVE-2012-2748

Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."

5CVSS6.2AI score0.0055EPSS
CVE
CVEadded 2015/06/18 6:59 p.m.34 views

CVE-2015-4654

SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.

7.5CVSS8.7AI score0.00033EPSS
CVE
CVEadded 2012/10/07 9:55 p.m.33 views

CVE-2011-4909

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.ph...

4.3CVSS5.9AI score0.00075EPSS
CVE
CVEadded 2020/01/22 4:15 p.m.32 views

CVE-2011-3595

Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.

5.4CVSS5.5AI score0.00036EPSS
CVE
CVEadded 2012/09/06 7:55 p.m.31 views

CVE-2012-0836

Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.

5CVSS6.5AI score0.00011EPSS
CVE
CVEadded 2012/10/22 11:55 p.m.28 views

CVE-2012-5455

Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."

4.3CVSS5.9AI score0.00011EPSS
Total number of security vulnerabilities274