VYPR

Joomla!

by Joomla

Source repositories

CVEs (393)

  • CVE-2019-6262Jan 16, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.

  • CVE-2019-6261Jan 16, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.

  • CVE-2019-6264Jan 16, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

  • CVE-2015-8565Dec 16, 2015
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2015-8564Dec 16, 2015
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.

  • CVE-2015-8563Dec 16, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2015-7899Oct 29, 2015
    risk 0.00cvss epss 0.02

    The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-7859Oct 29, 2015
    risk 0.00cvss epss 0.02

    The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-6939Sep 18, 2015
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-5397Jul 14, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.

  • CVE-2015-4654Jun 18, 2015
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.

  • CVE-2012-2413Oct 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

  • CVE-2014-7984Oct 8, 2014
    risk 0.00cvss epss 0.02

    Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.

  • CVE-2014-7983Oct 8, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-7982Oct 8, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-7229Oct 8, 2014
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.

  • CVE-2014-6632Oct 8, 2014
    risk 0.00cvss epss 0.02

    Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.

  • CVE-2014-6631Oct 8, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-5583Dec 29, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

  • CVE-2013-5576Oct 9, 2013
    risk 0.00cvss epss 0.48

    administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename…

Page 14 of 20