Joomla! Security Vulnerabilities and Issues — Joomla! CVE List

Lucene search

JoomlaJoomla!

6 matches found

CVE•added 2020/03/16 4:15 p.m.•82 views

CVE-2020-10239

An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.

8.8CVSS8.8AI score0.01791EPSS

CVE•added 2020/03/16 4:15 p.m.•78 views

CVE-2020-10243

An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.

9.8CVSS9.6AI score0.00149EPSS

CVE•added 2020/03/16 4:15 p.m.•67 views

CVE-2020-10238

An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.

7.5CVSS7.3AI score0.03125EPSS

CVE•added 2020/03/16 4:15 p.m.•57 views

CVE-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.

6.1CVSS5.9AI score0.01258EPSS

CVE•added 2020/03/16 4:15 p.m.•52 views

CVE-2020-10240

An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.

5.3CVSS5.3AI score0.0003EPSS

CVE•added 2020/03/16 4:15 p.m.•50 views

CVE-2020-10241

An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.

8.8CVSS8.5AI score0.00037EPSS