Joomla!
by Joomla
CVEs (393)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-13761 | | | 0.00 | — | 0.01 | | Jun 2, 2020 | In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS. |
| CVE-2020-13762 | | | 0.00 | — | 0.01 | | Jun 2, 2020 | In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. |
| CVE-2020-13763 | | | 0.00 | — | 0.01 | | Jun 2, 2020 | In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. |
| CVE-2020-11891 | | | 0.00 | — | 0.01 | | Apr 21, 2020 | An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. |
| CVE-2020-11889 | | | 0.00 | — | 0.01 | | Apr 21, 2020 | An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups. |
| CVE-2020-11890 | | | 0.00 | — | 0.03 | | Apr 21, 2020 | An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. |
| CVE-2020-10243 | | | 0.00 | — | 0.02 | | Mar 16, 2020 | An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. |
| CVE-2020-10242 | | | 0.00 | — | 0.01 | | Mar 16, 2020 | An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. |
| CVE-2020-10241 | | | 0.00 | — | 0.01 | | Mar 16, 2020 | An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. |
| CVE-2020-10240 | | | 0.00 | — | 0.01 | | Mar 16, 2020 | An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. |
| CVE-2011-1151 | | | 0.00 | — | 0.02 | | Feb 5, 2020 | Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. |
| CVE-2011-4912 | | | 0.00 | — | 0.01 | | Feb 4, 2020 | Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. |
| CVE-2011-3629 | | | 0.00 | — | 0.01 | | Feb 4, 2020 | Joomla! core 1.7.1 allows information disclosure due to weak encryption |
| CVE-2011-4937 | | | 0.00 | — | 0.02 | | Feb 4, 2020 | Joomla! 1.7.1 has core information disclosure due to inadequate error checking. |
| CVE-2020-8419 | | | 0.00 | — | 0.00 | | Jan 28, 2020 | An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. |
| CVE-2020-8421 | | | 0.00 | — | 0.01 | | Jan 28, 2020 | An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs. |
| CVE-2020-8420 | | | 0.00 | — | 0.01 | | Jan 28, 2020 | An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. |
| CVE-2011-3595 | | | 0.00 | — | 0.01 | | Jan 22, 2020 | Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. |
| CVE-2011-4907 | | | 0.00 | — | 0.01 | | Jan 15, 2020 | Joomla! 1.5x through 1.5.12: Missing JEXEC Check |
| CVE-2012-1562 | | | 0.00 | — | 0.01 | | Jan 15, 2020 | Joomla! core before 2.5.3 allows unauthorized password change. |
Page 12 of 20