Joomla! Security Vulnerabilities and Issues — Joomla! CVE List

Lucene search

JoomlaJoomla!

8 matches found

CVE•added 2017/04/25 6:59 p.m.•72 views

CVE-2017-7985

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

6.1CVSS6.2AI score0.00048EPSS

CVE•added 2017/04/25 6:59 p.m.•70 views

CVE-2017-7986

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.

6.1CVSS6AI score0.0001EPSS

CVE•added 2017/04/25 6:59 p.m.•60 views

CVE-2017-7987

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.

6.1CVSS6AI score0.00033EPSS

CVE•added 2017/04/25 6:59 p.m.•59 views

CVE-2017-7984

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.

6.1CVSS5.8AI score0.0001EPSS

CVE•added 2017/04/25 6:59 p.m.•51 views

CVE-2017-7989

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

6.5CVSS6.2AI score0.00006EPSS

CVE•added 2017/04/25 6:59 p.m.•49 views

CVE-2017-7983

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.

5.3CVSS5.6AI score0.00008EPSS

CVE•added 2017/04/25 6:59 p.m.•49 views

CVE-2017-8057

In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.

5.3CVSS5.6AI score0.00008EPSS

CVE•added 2017/04/25 6:59 p.m.•48 views

CVE-2017-7988

In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.

5.3CVSS5.5AI score0.00006EPSS