Bitnami package
joomla
pkg:bitnami/joomla
Vulnerabilities (102)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15700 | — | | | >= 3.7.0, <= 3.9.19 | — | Jul 15, 2020 | An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability. |
| CVE-2020-15699 | — | | | >= 2.5.0, <= 3.9.19 | — | Jul 15, 2020 | An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration. |
| CVE-2020-15698 | — | | | >= 3.0.0, <= 3.9.19 | — | Jul 15, 2020 | An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials. |
| CVE-2020-15697 | — | | | >= 3.0.0, <= 3.9.19 | — | Jul 15, 2020 | An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users. |
| CVE-2020-15696 | — | | | >= 3.0.0, <= 3.9.19 | — | Jul 15, 2020 | An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image. |
| CVE-2020-15695 | — | | | >= 3.9.0, <= 3.9.19 | — | Jul 15, 2020 | An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability. |
| CVE-2020-13760 | — | | | >= 3.7.0, < 3.9.19 | 3.9.19 | Jun 2, 2020 | In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. |
| CVE-2020-13761 | — | | | >= 3.0.0, < 3.9.19 | 3.9.19 | Jun 2, 2020 | In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS. |
| CVE-2020-13762 | — | | | >= 3.9.0, < 3.9.19 | 3.9.19 | Jun 2, 2020 | In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. |
| CVE-2020-13763 | — | | | >= 2.5.0, < 3.9.19 | 3.9.19 | Jun 2, 2020 | In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. |
| CVE-2020-11891 | — | | | >= 3.8.8, < 3.9.17 | 3.9.17 | Apr 21, 2020 | An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. |
| CVE-2020-11889 | — | | | >= 2.5.0, < 3.9.17 | 3.9.17 | Apr 21, 2020 | An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups. |
| CVE-2020-11890 | — | | | >= 2.5.0, < 3.9.17 | 3.9.17 | Apr 21, 2020 | An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. |
| CVE-2020-10243 | — | | | >= 1.7.0, < 3.9.16 | 3.9.16 | Mar 16, 2020 | An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. |
| CVE-2020-10242 | — | | | >= 3.0.0, < 3.9.16 | 3.9.16 | Mar 16, 2020 | An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. |
| CVE-2020-10241 | — | | | >= 3.2.0, < 3.9.16 | 3.9.16 | Mar 16, 2020 | An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. |
| CVE-2020-10240 | — | | | >= 3.0.0, < 3.9.16 | 3.9.16 | Mar 16, 2020 | An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. |
| CVE-2020-10239 | — | | | >= 3.7.0, < 3.9.16 | 3.9.16 | Mar 16, 2020 | An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users. |
| CVE-2020-10238 | — | | | >= 2.5.0, < 3.9.16 | 3.9.16 | Mar 16, 2020 | An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. |
| CVE-2020-8419 | — | | | >= 3.0.0, < 3.9.15 | 3.9.15 | Jan 28, 2020 | An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. |