192 matches found

added 2018/10/09 9:29 p.m. | 64 views

CVE-2018-17857

An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.

CVSS 4.3 | AI score 4.8 | EPSS 0.00063

added 2018/08/29 3:29 a.m. | 63 views

CVE-2018-15882

An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.

CVSS 9.8 | AI score 9.2 | EPSS 0.00735

added 2018/05/22 3:29 p.m. | 63 views

CVE-2018-6378

In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.

CVSS 6.1 | AI score 6 | EPSS 0.01889

added 2019/02/12 6:29 p.m. | 63 views

CVE-2019-7740

An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.

CVSS 6.1 | AI score 6.2 | EPSS 0.0015

added 2022/11/08 7:15 p.m. | 63 views

CVE-2022-27914

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.

CVSS 6.1 | AI score 6.2 | EPSS 0.00047

added 2024/07/09 5:15 p.m. | 63 views

CVE-2024-21731

Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.

CVSS 6.1 | AI score 5.9 | EPSS 0.0001

added 2020/02/05 10:15 p.m. | 62 views

CVE-2011-1151

Joomla! 1.6.0 is vulnerable to SQL injection via the filter_order and filter_order_Dir parameters.

CVSS 9.1 | AI score 9.5 | EPSS 0.00035

added 2018/01/30 5:29 p.m. | 62 views

CVE-2018-6380

In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

CVSS 6.1 | AI score 6.2 | EPSS 0.0312

added 2021/07/07 11:15 a.m. | 62 views

CVE-2021-26035

An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to an XSS vulnerability.

CVSS 6.1 | AI score 6.1 | EPSS 0.02166

added 2019/04/10 7:29 p.m. | 61 views

CVE-2019-10946

An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.

CVSS 7.5 | AI score 6.8 | EPSS 0.00048

added 2019/02/12 6:29 p.m. | 61 views

CVE-2019-7741

An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.

CVSS 6.1 | AI score 6.3 | EPSS 0.00064

added 2019/02/12 6:29 p.m. | 61 views

CVE-2019-7743

An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non-.phar files.

CVSS 9.8 | AI score 9.4 | EPSS 0.01449

added 2021/03/04 6:15 p.m. | 61 views

CVE-2021-23126

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.

CVSS 5.3 | AI score 6.1 | EPSS 0.00011

added 2021/03/04 6:15 p.m. | 61 views

CVE-2021-23130

An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to XSS issues.

CVSS 6.1 | AI score 6.4 | EPSS 0.02951

added 2021/03/04 6:15 p.m. | 61 views

CVE-2021-26029

An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow the author field to be overwritten.

CVSS 5.3 | AI score 5.5 | EPSS 0.00017

added 2018/05/22 3:29 p.m. | 60 views

CVE-2018-11326

An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack.

CVSS 4.8 | AI score 5.1 | EPSS 0.00066

added 2020/07/15 4:15 p.m. | 60 views

CVE-2020-15698

An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials.

CVSS 5.3 | AI score 5.3 | EPSS 0.00011

added 2024/08/20 4:15 p.m. | 60 views

CVE-2024-27184

Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.

CVSS 6.1 | AI score 6.6 | EPSS 0.00005

added 2018/08/29 3:29 a.m. | 59 views

CVE-2018-15881

An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.

CVSS 7.5 | AI score 7.4 | EPSS 0.00061

added 2018/01/30 5:29 p.m. | 59 views

CVE-2018-6376

In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.

CVSS 9.8 | AI score 9.6 | EPSS 0.07734

added 2019/02/12 6:29 p.m. | 59 views

CVE-2019-7739

An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this.

CVSS 6.1 | AI score 6.3 | EPSS 0.00069

added 2021/05/26 11:15 a.m. | 59 views

CVE-2021-26033

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.

CVSS 6.5 | AI score 6.4 | EPSS 0.00009

added 2017/11/10 2:29 a.m. | 58 views

CVE-2017-16633

In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

CVSS 4.3 | AI score 4.6 | EPSS 0.0003

added 2019/01/16 8:29 a.m. | 58 views

CVE-2019-6261

An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.

CVSS 6.1 | AI score 5.7 | EPSS 0.00368

added 2019/03/12 6:29 p.m. | 58 views

CVE-2019-9711

An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.

CVSS 6.1 | AI score 6.3 | EPSS 0.00337

added 2019/03/12 6:29 p.m. | 58 views

CVE-2019-9713

An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.

CVSS 7.5 | AI score 7.4 | EPSS 0.00025

added 2020/03/16 4:15 p.m. | 58 views

CVE-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.

CVSS 6.1 | AI score 5.9 | EPSS 0.01258

added 2020/07/15 4:15 p.m. | 58 views

CVE-2020-15696

An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.

CVSS 6.1 | AI score 5.8 | EPSS 0.02144

added 2021/03/04 6:15 p.m. | 58 views

CVE-2021-23127

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226 of 10 bytes vs 20 bytes.

CVSS 9.1 | AI score 9.2 | EPSS 0.00009

added 2024/08/20 4:15 p.m. | 58 views

CVE-2024-27187

Improper access controls allow backend users to overwrite their username when disallowed.

CVSS 7.5 | AI score 6.5 | EPSS 0.00003

added 2025/01/07 5:15 p.m. | 58 views

CVE-2024-40748

Lack of output escaping in the id attribute of menu lists.

CVSS 7.5 | AI score 6.6 | EPSS 0.00003

added 2018/10/09 9:29 p.m. | 57 views

CVE-2018-17858

An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.

CVSS 8.8 | AI score 8.6 | EPSS 0.00174

added 2020/07/15 4:15 p.m. | 57 views

CVE-2020-15695

An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.

CVSS 6.8 | AI score 6.2 | EPSS 0.00006

added 2020/07/15 4:15 p.m. | 57 views

CVE-2020-15697

An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.

CVSS 4.3 | AI score 4.7 | EPSS 0.00009

added 2021/03/04 6:15 p.m. | 57 views

CVE-2021-26027

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.

CVSS 5.3 | AI score 5.6 | EPSS 0.00014

added 2021/07/07 11:15 a.m. | 57 views

CVE-2021-26037

An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.

CVSS 5.3 | AI score 5.6 | EPSS 0.00009

added 2021/07/07 11:15 a.m. | 57 views

CVE-2021-26039

An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability.

CVSS 6.1 | AI score 6.1 | EPSS 0.02166

added 2017/11/10 2:29 a.m. | 56 views

CVE-2017-16634

In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.

CVSS 9.8 | AI score 9.5 | EPSS 0.00145

added 2018/08/29 3:29 a.m. | 56 views

CVE-2018-15880

An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.

CVSS 5.4 | AI score 6.8 | EPSS 0.00148

added 2018/10/09 9:29 p.m. | 56 views

CVE-2018-17859

An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms.

CVSS 4.3 | AI score 4.9 | EPSS 0.00075

added 2019/03/12 6:29 p.m. | 56 views

CVE-2019-9712

An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.

CVSS 6.1 | AI score 6.3 | EPSS 0.00026

added 2020/08/26 10:15 p.m. | 56 views

CVE-2020-24599

An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.

CVSS 6.1 | AI score 5.9 | EPSS 0.00855

added 2006/08/31 8:4 p.m. | 55 views

CVE-2006-4469

Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."

CVSS 7.5 | AI score 6.7 | EPSS 0.00211

added 2019/01/16 8:29 a.m. | 55 views

CVE-2019-6262

An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.

CVSS 5.4 | AI score 5.5 | EPSS 0.00015

added 2021/03/04 6:15 p.m. | 55 views

CVE-2021-23129

An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages shown to users could lead to XSS issues.

CVSS 6.1 | AI score 6.4 | EPSS 0.02951

added 2021/05/26 11:15 a.m. | 55 views

CVE-2021-26032

An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.

CVSS 6.1 | AI score 5.8 | EPSS 0.0161

added 2021/06/21 11:15 p.m. | 54 views

CVE-2010-1434

Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vuln...

CVSS 7.5 | AI score 7.6 | EPSS 0.00006

added 2019/03/12 6:29 p.m. | 54 views

CVE-2019-9714

An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.

CVSS 6.1 | AI score 6.3 | EPSS 0.00337

added 2020/04/21 5:15 p.m. | 54 views

CVE-2020-11889

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

CVSS 5.3 | AI score 5.2 | EPSS 0.00009

added 2020/07/15 4:15 p.m. | 54 views

CVE-2020-15699

An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.

CVSS 5.3 | AI score 5.3 | EPSS 0.00008

Total number of security vulnerabilities: 192