Joomla!@1.6 Security Vulnerabilities and Issues — Joomla!@1.6 CVE List

Lucene search

JoomlaJoomla!1.6

11 matches found

CVE•added 2017/07/26 3:29 p.m.•77 views

CVE-2017-11612

In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

6.1CVSS7AI score0.00222EPSS

CVE•added 2011/07/27 8:55 p.m.•74 views

CVE-2011-2710

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject ...

4.3CVSS5.7AI score0.00047EPSS

CVE•added 2017/08/02 2:29 p.m.•59 views

CVE-2017-11364

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.

8.8CVSS8.4AI score0.00125EPSS

CVE•added 2011/07/27 8:55 p.m.•53 views

CVE-2011-2891

Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.

5CVSS6AI score0.00107EPSS

CVE•added 2011/11/23 6:55 p.m.•50 views

CVE-2011-4332

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.9AI score0.00022EPSS

CVE•added 2012/09/06 7:55 p.m.•42 views

CVE-2012-0822

Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820.

4.3CVSS5.8AI score0.00015EPSS

CVE•added 2011/07/27 8:55 p.m.•41 views

CVE-2011-2509

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, a...

4.3CVSS5.8AI score0.00027EPSS

CVE•added 2012/09/06 7:55 p.m.•41 views

CVE-2012-0820

Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.

4.3CVSS5.8AI score0.00015EPSS

CVE•added 2012/09/06 7:55 p.m.•39 views

CVE-2012-0821

Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.

5CVSS6.2AI score0.00016EPSS

CVE•added 2012/09/06 7:55 p.m.•38 views

CVE-2012-0819

Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.

5CVSS6.2AI score0.00016EPSS

CVE•added 2011/07/27 8:55 p.m.•37 views

CVE-2011-2892

Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

4.3CVSS6.6AI score0.00017EPSS