192 matches found

CVE-2020-35610 (added 2020/12/28 8:15 p.m.)

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.

CVSS 7.5 | AI score 7.5 | EPSS 0.00008

CVE-2021-23124 (added 2021/01/12 9:15 p.m.)

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.

CVSS 6.1 | AI score 5.9 | EPSS 0.36442

CVE-2018-12712 (added 2018/06/26 7:29 p.m.)

An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.

CVSS 8.8 | AI score 8.6 | EPSS 0.01882

CVE-2018-8045 (added 2018/03/15 1:29 a.m.)

In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.

CVSS 8.8 | AI score 8.8 | EPSS 0.66389

CVE-2020-8420 (added 2020/01/28 9:15 p.m.)

An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.

CVSS 8.8 | AI score 8.5 | EPSS 0.00037

CVE-2025-25227 (added 2025/04/08 5:15 p.m.)

Insufficient state checks lead to a vector that allows bypassing 2FA checks.

CVSS 7.5 | AI score 7 | EPSS 0.00002

CVE-2019-18674 (added 2019/11/06 2:15 a.m.)

An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.

CVSS 5.3 | AI score 5.3 | EPSS 0.00008

CVE-2020-10243 (added 2020/03/16 4:15 p.m.)

An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.

CVSS 9.8 | AI score 9.6 | EPSS 0.00149

CVE-2022-27913 (added 2022/10/25 7:15 p.m.)

An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.

CVSS 6.1 | AI score 6.2 | EPSS 0.00047

CVE-2021-26028 (added 2021/03/04 6:15 p.m.)

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specifically crafted zip package could write files outside of the intended path.

CVSS 5.5 | AI score 5.7 | EPSS 0.00014

CVE-2020-13760 (added 2020/06/02 8:15 p.m.)

In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.

CVSS 8.8 | AI score 8.5 | EPSS 0.00008

CVE-2010-1435 (added 2021/06/21 11:15 p.m.)

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1....

CVSS 9.8 | AI score 9.9 | EPSS 0.00014

CVE-2016-9836 (added 2016/12/05 5:59 p.m.)

The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally, J...

CVSS 9.8 | AI score 9.4 | EPSS 0.00374

CVE-2020-24598 (added 2020/08/26 10:15 p.m.)

An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.

CVSS 6.1 | AI score 6.1 | EPSS 0.00049

CVE-2024-40749 (added 2025/01/07 5:15 p.m.)

Improper access controls allow access to protected views.

CVSS 7.5 | AI score 6.5 | EPSS 0.00002

CVE-2011-2710 (added 2011/07/27 8:55 p.m.)

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject ...

CVSS 4.3 | AI score 5.7 | EPSS 0.00047

CVE-2018-17855 (added 2018/10/09 9:29 p.m.)

An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of a user who can approve admin verifications in the registration process, he can activate himself.

CVSS 8.8 | AI score 8.5 | EPSS 0.00485

CVE-2020-11891 (added 2020/04/21 5:15 p.m.)

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.

CVSS 5.3 | AI score 5.2 | EPSS 0.00009

CVE-2020-13762 (added 2020/06/02 8:15 p.m.)

In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.

CVSS 6.1 | AI score 6.2 | EPSS 0.00226

CVE-2024-21729 (added 2024/07/09 5:15 p.m.)

Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.

CVSS 6.1 | AI score 6.2 | EPSS 0.0001

CVE-2017-7985 (added 2017/04/25 6:59 p.m.)

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

CVSS 6.1 | AI score 6.2 | EPSS 0.00048

CVE-2019-11809 (added 2019/05/20 1:29 p.m.)

An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.

CVSS 6.1 | AI score 5.8 | EPSS 0.00169

CVE-2020-11890 (added 2020/04/21 5:15 p.m.)

An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.

CVSS 5.3 | AI score 5 | EPSS 0.00271

CVE-2021-23128 (added 2021/03/04 6:15 p.m.)

An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.

CVSS 9.1 | AI score 9.1 | EPSS 0.00009

CVE-2021-23131 (added 2021/03/04 6:15 p.m.)

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.

CVSS 7.5 | AI score 7.6 | EPSS 0.00029

CVE-2019-6264 (added 2019/01/16 8:29 a.m.)

An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

CVSS 6.1 | AI score 5.7 | EPSS 0.00368

CVE-2021-26030 (added 2021/04/14 6:15 p.m.)

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on the error page.

CVSS 6.1 | AI score 5.9 | EPSS 0.46051

CVE-2018-11328 (added 2018/05/22 3:29 p.m.)

An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.

CVSS 4.7 | AI score 4.9 | EPSS 0.00058

CVE-2019-15028 (added 2019/08/14 4:15 a.m.)

In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.

CVSS 5.3 | AI score 5.2 | EPSS 0.00006

CVE-2020-35612 (added 2020/12/28 8:15 p.m.)

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.

CVSS 7.5 | AI score 7.5 | EPSS 0.00013

CVE-2016-9837 (added 2016/12/16 9:59 a.m.)

An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?op...

CVSS 7.5 | AI score 8.2 | EPSS 0.0001

CVE-2019-18650 (added 2019/11/06 2:15 a.m.)

An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.

CVSS 8.8 | AI score 8.5 | EPSS 0.00006

CVE-2021-23123 (added 2021/01/12 9:15 p.m.)

An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules.

CVSS 5.3 | AI score 5.3 | EPSS 0.00005

CVE-2024-21730 (added 2024/07/09 5:15 p.m.)

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.

CVSS 5.4 | AI score 5.7 | EPSS 0.0001

CVE-2024-26279 (added 2024/07/09 5:15 p.m.)

The wrapper extensions do not correctly validate inputs, leading to XSS vectors.

CVSS 6.1 | AI score 5.9 | EPSS 0.0001

CVE-2018-11325 (added 2018/05/22 3:29 p.m.)

An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.

CVSS 9.8 | AI score 9.4 | EPSS 0.00114

CVE-2020-10238 (added 2020/03/16 4:15 p.m.)

An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.

CVSS 7.5 | AI score 7.3 | EPSS 0.03125

CVE-2023-23751 (added 2023/02/01 10:15 p.m.)

An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.

CVSS 4.3 | AI score 4.4 | EPSS 0.00005

CVE-2020-13763 (added 2020/06/02 8:15 p.m.)

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.

CVSS 7.5 | AI score 7.4 | EPSS 0.00011

CVE-2020-35615 (added 2020/12/28 8:15 p.m.)

An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.

CVSS 6.8 | AI score 6.3 | EPSS 0.00004

CVE-2010-1433 (added 2021/06/21 11:15 p.m.)

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unaut...

CVSS 9.8 | AI score 9.4 | EPSS 0.00017

CVE-2018-11323 (added 2018/05/22 3:29 p.m.)

An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.

CVSS 8.8 | AI score 8.5 | EPSS 0.0062

CVE-2018-12711 (added 2018/06/26 7:29 p.m.)

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the curren...

CVSS 6.1 | AI score 6 | EPSS 0.01238

CVE-2019-7744 (added 2019/02/12 6:29 p.m.)

An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.

CVSS 6.1 | AI score 6.1 | EPSS 0.0015

CVE-2022-27912 (added 2022/10/25 7:15 p.m.)

An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.

CVSS 5.3 | AI score 5.4 | EPSS 0.00007

CVE-2023-23754 (added 2023/05/30 5:15 p.m.)

An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.

CVSS 6.1 | AI score 6 | EPSS 0.00016

CVE-2012-1563 (added 2020/01/15 1:15 p.m.)

Joomla! before 2.5.3 allows Admin Account Creation.

CVSS 7.5 | AI score 7.5 | EPSS 0.00421

CVE-2018-6377 (added 2018/01/30 5:29 p.m.)

In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox.

CVSS 6.1 | AI score 6 | EPSS 0.46615

CVE-2024-26278 (added 2024/07/09 5:15 p.m.)

The Custom Fields component does not correctly filter inputs, leading to an XSS vector.

CVSS 6.1 | AI score 5.9 | EPSS 0.00006

CVE-2018-11322 (added 2018/05/22 3:29 p.m.)

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.

CVSS 7.5 | AI score 7.6 | EPSS 0.00219

Total number of security vulnerabilities: 192