Bitnami package
joomla
pkg:bitnami/joomla
Vulnerabilities (102)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26279 | — | | | >= 3.0.0, < 5.1.2 | 5.1.2 | Jul 9, 2024 | The wrapper extensions do not correctly validate inputs, leading to XSS vectors. |
| CVE-2024-26278 | — | | | >= 3.7.0, < 5.1.2 | 5.1.2 | Jul 9, 2024 | The Custom Fields component does not correctly filter inputs, leading to an XSS vector. |
| CVE-2024-21731 | — | | | >= 3.0.0, < 5.1.2 | 5.1.2 | Jul 9, 2024 | Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. |
| CVE-2024-21723 | — | | | >= 1.5.0, < 5.0.3 | 5.0.3 | Feb 20, 2024 | Inadequate parsing of URLs could result in an open redirect. |
| CVE-2024-21725 | — | | | >= 4.0.0, < 5.0.3 | 5.0.3 | Feb 20, 2024 | Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components. |
| CVE-2024-21724 | — | | | >= 1.6.0, < 5.0.3 | 5.0.3 | Feb 20, 2024 | Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions. |
| CVE-2024-21722 | — | | | >= 3.2.0, < 5.0.3 | 5.0.3 | Feb 20, 2024 | The MFA management features did not properly terminate existing user sessions when a user's MFA methods were modified. |
| CVE-2024-21726 | — | | | >= 3.7.0, < 5.1.0 | 5.1.0 | Feb 20, 2024 | Inadequate content filtering leads to XSS vulnerabilities in various components. |
| CVE-2023-40626 | — | | | >= 1.6.0, < 3.10.14 | 3.10.14 | Nov 29, 2023 | The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information. |
| CVE-2023-23754 | — | | | >= 4.2.0, < 4.3.2 | 4.3.2 | May 30, 2023 | An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new MFA selection screen. |
| CVE-2023-23755 | — | | | >= 4.2.0, < 4.3.2 | 4.3.2 | May 30, 2023 | An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. |
| CVE-2023-23752 | — | | KEV | >= 4.0.0, < 4.2.8 | 4.2.8 | Feb 16, 2023 | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. |
| CVE-2023-23751 | — | | | >= 4.0.0, <= 4.2.4 | — | Feb 1, 2023 | An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non-super-admin users to access com_actionlogs. |
| CVE-2023-23750 | — | | | >= 4.0.0, <= 4.2.6 | — | Feb 1, 2023 | An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. |
| CVE-2022-27914 | — | | | >= 4.0.0, < 4.2.5 | 4.2.5 | Nov 8, 2022 | An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. |
| CVE-2022-27913 | — | | | >= 4.0.0, <= 4.2.3 | — | Oct 25, 2022 | An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. |
| CVE-2022-27912 | — | | | >= 4.0.0, <= 4.2.3 | — | Oct 25, 2022 | An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. |
| CVE-2022-27911 | — | | | >= 4.2.0, <= 4.2.0 | — | Aug 31, 2022 | An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of a missing '_JEXEC or die check' caused by the PSR12 changes. |
| CVE-2022-23801 | — | | | >= 4.0.0, <= 4.1.0 | — | Mar 30, 2022 | An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media. |
| CVE-2022-23800 | — | | | >= 4.0.0, <= 4.1.0 | — | Mar 30, 2022 | An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. |
Page 2 of 6