Joomla!@3.3.5 Security Vulnerabilities and Issues — Joomla!@3.3.5 CVE List

Lucene search

JoomlaJoomla!3.3.5

14 matches found

CVE•added 2017/09/20 6:29 p.m.•96 views

CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

9.8CVSS9.2AI score0.03976EPSS

CVE•added 2017/07/26 3:29 p.m.•77 views

CVE-2017-11612

In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

6.1CVSS7AI score0.00222EPSS

CVE•added 2017/04/25 6:59 p.m.•70 views

CVE-2017-7986

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.

6.1CVSS6AI score0.0001EPSS

CVE•added 2017/07/17 9:29 p.m.•62 views

CVE-2017-9933

Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.

7.5CVSS7.2AI score0.00045EPSS

CVE•added 2017/04/25 6:59 p.m.•60 views

CVE-2017-7987

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.

6.1CVSS6AI score0.00033EPSS

CVE•added 2017/08/02 2:29 p.m.•59 views

CVE-2017-11364

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.

8.8CVSS8.4AI score0.00125EPSS

CVE•added 2017/04/25 6:59 p.m.•59 views

CVE-2017-7984

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.

6.1CVSS5.8AI score0.0001EPSS

CVE•added 2017/07/17 9:29 p.m.•54 views

CVE-2017-9934

Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.

6.1CVSS6.3AI score0.00375EPSS

CVE•added 2015/12/16 9:59 p.m.•53 views

CVE-2015-8563

Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8CVSS7.1AI score0.00006EPSS

CVE•added 2015/07/14 4:59 p.m.•51 views

CVE-2015-5397

Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.

6.8CVSS6.7AI score0.00028EPSS

CVE•added 2017/04/25 6:59 p.m.•51 views

CVE-2017-7989

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

6.5CVSS6.2AI score0.00006EPSS

CVE•added 2017/04/25 6:59 p.m.•49 views

CVE-2017-7983

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.

5.3CVSS5.6AI score0.00008EPSS

CVE•added 2017/04/25 6:59 p.m.•48 views

CVE-2017-7988

In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.

5.3CVSS5.5AI score0.00006EPSS

CVE•added 2017/09/20 6:29 p.m.•46 views

CVE-2015-5608

Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.

6.1CVSS6.2AI score0.00061EPSS