Joomla 1.5.2

13 matches found

CVE
added 2008/07/18 4:41 p.m., 148 views

CVE-2008-3225

Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."

CVSS: 10, AI score: 6.5, EPSS: 0.00028

CVE
added 2009/04/09 4:27 p.m., 59 views

CVE-2009-1280

Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS: 6.8, AI score: 7.5, EPSS: 0.00004

CVE
added 2009/06/05 6:30 p.m., 58 views

CVE-2009-1938

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.

CVSS: 4.3, AI score: 5.7, EPSS: 0.00235

CVE
added 2009/06/05 6:30 p.m., 57 views

CVE-2009-1939

Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3, AI score: 5.7, EPSS: 0.00016

CVE
added 2008/07/18 4:41 p.m., 50 views

CVE-2008-3227

Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.

CVSS: 7.5, AI score: 6.4, EPSS: 0.00202

CVE
added 2008/09/18 5:59 p.m., 49 views

CVE-2008-4102

Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.

CVSS: 7.5, AI score: 6.6, EPSS: 0.16333

CVE
added 2008/09/18 5:59 p.m., 49 views

CVE-2008-4104

Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

CVSS: 5.8, AI score: 6.7, EPSS: 0.00025

CVE
added 2008/07/18 4:41 p.m., 40 views

CVE-2008-3228

Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.

CVSS: 7.5, AI score: 6.7, EPSS: 0.0279

CVE
added 2009/06/05 6:30 p.m., 40 views

CVE-2009-1940

Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3, AI score: 5.7, EPSS: 0.00014

CVE
added 2008/09/18 5:59 p.m., 38 views

CVE-2008-4105

JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.

CVSS: 7.5, AI score: 7.1, EPSS: 0.03352

CVE
added 2009/02/26 4:17 p.m., 38 views

CVE-2008-6299

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content mod...

CVSS: 3.5, AI score: 5.5, EPSS: 0.00008

CVE
added 2009/04/09 4:27 p.m., 35 views

CVE-2009-1279

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in th...

CVSS: 2.6, AI score: 5.8, EPSS: 0.00011

CVE
added 2008/07/18 4:41 p.m., 32 views

CVE-2008-3226

The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.

CVSS: 5, AI score: 6.5, EPSS: 0.01393