Joomla / Joomla!

74 matches found

added 2024/02/29 1:44 a.m. | 8243 views

CVE-2024-21724

Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.

CVSS 6.1 | AI score 6 | EPSS 0.00036

added 2024/02/29 1:44 a.m. | 6233 views

CVE-2024-21726

Inadequate content filtering leads to XSS vulnerabilities in various components.

CVSS 6.5 | AI score 6.4 | EPSS 0.00323

added 2024/02/29 1:44 a.m. | 6173 views

CVE-2024-21722

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.

CVSS 6.3 | AI score 6.4 | EPSS 0.00005

added 2024/02/29 1:44 a.m. | 6037 views

CVE-2024-21725

Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.

CVSS 6.1 | AI score 6.2 | EPSS 0.01539

added 2019/04/20 12:29 a.m. | 2190 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVSS 6.1 | AI score 6.4 | EPSS 0.02394

added 2022/03/30 4:15 p.m. | 120 views

CVE-2022-23798

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.

CVSS 6.1 | AI score 6.4 | EPSS 0.00033

added 2019/09/24 9:15 p.m. | 116 views

CVE-2019-16725

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.

CVSS 6.1 | AI score 5.9 | EPSS 0.04043

added 2019/06/11 7:29 p.m. | 113 views

CVE-2019-12764

An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.

CVSS 6.5 | AI score 6.6 | EPSS 0.00007

added 2019/06/11 7:29 p.m. | 107 views

CVE-2019-12766

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.

CVSS 6.1 | AI score 6 | EPSS 0.00065

added 2022/03/30 4:15 p.m. | 105 views

CVE-2022-23796

An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.

CVSS 6.1 | AI score 6.2 | EPSS 0.00106

added 2022/03/30 4:15 p.m. | 105 views

CVE-2022-23801

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media.

CVSS 6.1 | AI score 6.2 | EPSS 0.01156

added 2022/03/30 4:15 p.m. | 91 views

CVE-2022-23800

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.

CVSS 6.1 | AI score 6.4 | EPSS 0.01156

added 2018/05/22 3:29 p.m. | 86 views

CVE-2018-11321

An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.

CVSS 6.5 | AI score 6.6 | EPSS 0.00223

added 2023/02/01 10:15 p.m. | 86 views

CVE-2023-23750

An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.

CVSS 6.3 | AI score 6.2 | EPSS 0.00005

added 2020/01/28 9:15 p.m. | 82 views

CVE-2020-8421

An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.

CVSS 6.1 | AI score 6.1 | EPSS 0.01258

added 2021/01/12 9:15 p.m. | 82 views

CVE-2021-23125

An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors.

CVSS 6.1 | AI score 5.9 | EPSS 0.07984

added 2020/06/02 8:15 p.m. | 81 views

CVE-2020-13761

In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.

CVSS 6.1 | AI score 6.2 | EPSS 0.00226

added 2021/01/12 9:15 p.m. | 80 views

CVE-2021-23124

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.

CVSS 6.1 | AI score 5.9 | EPSS 0.36442

added 2022/10/25 7:15 p.m. | 76 views

CVE-2022-27913

An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.

CVSS 6.1 | AI score 6.2 | EPSS 0.00047

added 2017/07/26 3:29 p.m. | 75 views

CVE-2017-11612

In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

CVSS 6.1 | AI score 7 | EPSS 0.00222

added 2020/08/26 10:15 p.m. | 73 views

CVE-2020-24598

An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.

CVSS 6.1 | AI score 6.1 | EPSS 0.00049

added 2020/06/02 8:15 p.m. | 71 views

CVE-2020-13762

In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.

CVSS 6.1 | AI score 6.2 | EPSS 0.00226

added 2024/07/09 5:15 p.m. | 71 views

CVE-2024-21729

Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.

CVSS 6.1 | AI score 6.2 | EPSS 0.0001

added 2017/04/25 6:59 p.m. | 70 views

CVE-2017-7985

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

CVSS 6.1 | AI score 6.2 | EPSS 0.00048

added 2019/05/20 1:29 p.m. | 70 views

CVE-2019-11809

An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.

CVSS 6.1 | AI score 5.8 | EPSS 0.00141

added 2019/01/16 8:29 a.m. | 69 views

CVE-2019-6264

An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

CVSS 6.1 | AI score 5.7 | EPSS 0.00368

added 2021/04/14 6:15 p.m. | 69 views

CVE-2021-26030

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page.

CVSS 6.1 | AI score 5.9 | EPSS 0.46051

added 2013/10/09 2:54 p.m. | 68 views

CVE-2013-5576

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot...

CVSS 6.8 | AI score 6.3 | EPSS 0.6245

added 2017/04/25 6:59 p.m. | 68 views

CVE-2017-7986

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.

CVSS 6.1 | AI score 6 | EPSS 0.0001

added 2024/07/09 5:15 p.m. | 67 views

CVE-2024-26279

The wrapper extensions do not correctly validate inputs, leading to XSS vectors.

CVSS 6.1 | AI score 5.9 | EPSS 0.0001

added 2020/12/28 8:15 p.m. | 65 views

CVE-2020-35615

An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.

CVSS 6.8 | AI score 6.3 | EPSS 0.00004

added 2018/06/26 7:29 p.m. | 64 views

CVE-2018-12711

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the curren...

CVSS 6.1 | AI score 6 | EPSS 0.01238

added 2019/02/12 6:29 p.m. | 64 views

CVE-2019-7744

An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.

CVSS 6.1 | AI score 6.1 | EPSS 0.0015

added 2023/05/30 5:15 p.m. | 64 views

CVE-2023-23754

An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new MFA selection screen.

CVSS 6.1 | AI score 6 | EPSS 0.00016

added 2018/01/30 5:29 p.m. | 63 views

CVE-2018-6377

In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox.

CVSS 6.1 | AI score 6 | EPSS 0.46615

added 2019/02/12 6:29 p.m. | 63 views

CVE-2019-7740

An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.

CVSS 6.1 | AI score 6.2 | EPSS 0.0015

added 2024/07/09 5:15 p.m. | 63 views

CVE-2024-26278

The Custom Fields component does not correctly filter inputs, leading to an XSS vector.

CVSS 6.1 | AI score 5.9 | EPSS 0.00006

added 2018/05/22 3:29 p.m. | 61 views

CVE-2018-6378

In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.

CVSS 6.1 | AI score 6 | EPSS 0.01889

added 2022/11/08 7:15 p.m. | 61 views

CVE-2022-27914

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.

CVSS 6.1 | AI score 6.2 | EPSS 0.00038

added 2024/07/09 5:15 p.m. | 61 views

CVE-2024-21731

Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.

CVSS 6.1 | AI score 5.9 | EPSS 0.0001

added 2018/01/30 5:29 p.m. | 60 views

CVE-2018-6380

In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

CVSS 6.1 | AI score 6.2 | EPSS 0.0312

added 2021/07/07 11:15 a.m. | 60 views

CVE-2021-26035

An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to an XSS vulnerability.

CVSS 6.1 | AI score 6.1 | EPSS 0.02166

added 2019/02/12 6:29 p.m. | 59 views

CVE-2019-7741

An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.

CVSS 6.1 | AI score 6.3 | EPSS 0.00064

added 2021/03/04 6:15 p.m. | 59 views

CVE-2021-23130

An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to XSS issues.

CVSS 6.1 | AI score 6.4 | EPSS 0.02951

added 2017/04/25 6:59 p.m. | 58 views

CVE-2017-7987

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.

CVSS 6.1 | AI score 6 | EPSS 0.0001

added 2024/08/20 4:15 p.m. | 58 views

CVE-2024-27184

Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.

CVSS 6.1 | AI score 6.6 | EPSS 0.00005

added 2017/04/25 6:59 p.m. | 57 views

CVE-2017-7984

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.

CVSS 6.1 | AI score 5.8 | EPSS 0.0001

added 2019/02/12 6:29 p.m. | 57 views

CVE-2019-7739

An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this.

CVSS 6.1 | AI score 6.3 | EPSS 0.00069

added 2021/05/26 11:15 a.m. | 57 views

CVE-2021-26033

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.

CVSS 6.5 | AI score 6.4 | EPSS 0.00009

added 2019/01/16 8:29 a.m. | 56 views

CVE-2019-6261

An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.

CVSS 6.1 | AI score 5.7 | EPSS 0.00368

Total number of security vulnerabilities: 74