Joomla! Security Vulnerabilities and Issues — Joomla! CVE List

Lucene search

JoomlaJoomla!

6 matches found

CVE•added 2019/02/12 6:29 p.m.•66 views

CVE-2019-7744

An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.

6.1CVSS6.1AI score0.0015EPSS

CVE•added 2019/02/12 6:29 p.m.•63 views

CVE-2019-7740

An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.

6.1CVSS6.2AI score0.0015EPSS

CVE•added 2019/02/12 6:29 p.m.•61 views

CVE-2019-7741

An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.

6.1CVSS6.3AI score0.00064EPSS

CVE•added 2019/02/12 6:29 p.m.•61 views

CVE-2019-7743

An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files.

9.8CVSS9.4AI score0.01449EPSS

CVE•added 2019/02/12 6:29 p.m.•59 views

CVE-2019-7739

An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this.

6.1CVSS6.3AI score0.00069EPSS

CVE•added 2019/02/12 6:29 p.m.•52 views

CVE-2019-7742

An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.

6.1CVSS6.2AI score0.0013EPSS