Joomla!

by Joomla

CVEs (393)

  • CVE-2020-13761 | Jun 2, 2020
    risk 0.00 | cvss | epss 0.01

    In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.

  • CVE-2020-13762 | Jun 2, 2020
    risk 0.00 | cvss | epss 0.01

    In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.

  • CVE-2020-13763 | Jun 2, 2020
    risk 0.00 | cvss | epss 0.01

    In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.

  • CVE-2020-11891 | Apr 21, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.

  • CVE-2020-11889 | Apr 21, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

  • CVE-2020-11890 | Apr 21, 2020
    risk 0.00 | cvss | epss 0.03

    An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.

  • CVE-2020-10243 | Mar 16, 2020
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.

  • CVE-2020-10242 | Mar 16, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.

  • CVE-2020-10241 | Mar 16, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.

  • CVE-2020-10240 | Mar 16, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.

  • CVE-2011-1151 | Feb 5, 2020
    risk 0.00 | cvss | epss 0.02

    Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filter_order_Dir parameters.

  • CVE-2011-4912 | Feb 4, 2020
    risk 0.00 | cvss | epss 0.01

    Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

  • CVE-2011-3629 | Feb 4, 2020
    risk 0.00 | cvss | epss 0.01

    Joomla! core 1.7.1 allows information disclosure due to weak encryption.

  • CVE-2011-4937 | Feb 4, 2020
    risk 0.00 | cvss | epss 0.02

    Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

  • CVE-2020-8419 | Jan 28, 2020
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.

  • CVE-2020-8421 | Jan 28, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.

  • CVE-2020-8420 | Jan 28, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.

  • CVE-2011-3595 | Jan 22, 2020
    risk 0.00 | cvss | epss 0.01

    Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.

  • CVE-2011-4907 | Jan 15, 2020
    risk 0.00 | cvss | epss 0.01

    Joomla! 1.5x through 1.5.12: Missing JEXEC Check

  • CVE-2012-1562 | Jan 15, 2020
    risk 0.00 | cvss | epss 0.01

    Joomla! core before 2.5.3 allows unauthorized password change.
