Joomla!
by Joomla
Source repositories
CVEs (393)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-6262 | 0.00 | — | 0.01 | Jan 16, 2019 | An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. | |||
| CVE-2019-6261 | 0.00 | — | 0.01 | Jan 16, 2019 | An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. | |||
| CVE-2019-6264 | 0.00 | — | 0.01 | Jan 16, 2019 | An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. | |||
| CVE-2015-8565 | 0.00 | — | 0.03 | Dec 16, 2015 | Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2015-8564 | 0.00 | — | 0.03 | Dec 16, 2015 | Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. | |||
| CVE-2015-8563 | 0.00 | — | 0.01 | Dec 16, 2015 | Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2015-7899 | 0.00 | — | 0.02 | Oct 29, 2015 | The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-7859 | 0.00 | — | 0.02 | Oct 29, 2015 | The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-6939 | 0.00 | — | 0.03 | Sep 18, 2015 | Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5397 | 0.00 | — | 0.01 | Jul 14, 2015 | Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. | |||
| CVE-2015-4654 | 0.00 | — | 0.01 | Jun 18, 2015 | SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. | |||
| CVE-2012-2413 | 0.00 | — | 0.01 | Oct 20, 2014 | Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. | |||
| CVE-2014-7984 | 0.00 | — | 0.02 | Oct 8, 2014 | Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. | |||
| CVE-2014-7983 | 0.00 | — | 0.01 | Oct 8, 2014 | Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-7982 | 0.00 | — | 0.01 | Oct 8, 2014 | Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-7229 | 0.00 | — | 0.01 | Oct 8, 2014 | Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2014-6632 | 0.00 | — | 0.02 | Oct 8, 2014 | Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. | |||
| CVE-2014-6631 | 0.00 | — | 0.01 | Oct 8, 2014 | Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5583 | 0.00 | — | 0.01 | Dec 29, 2013 | Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||
| CVE-2013-5576 | 0.00 | — | 0.48 | Oct 9, 2013 | administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename… |
- CVE-2019-6262Jan 16, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
- CVE-2019-6261Jan 16, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.
- CVE-2019-6264Jan 16, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
- CVE-2015-8565Dec 16, 2015risk 0.00cvss —epss 0.03
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
- CVE-2015-8564Dec 16, 2015risk 0.00cvss —epss 0.03
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
- CVE-2015-8563Dec 16, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2015-7899Oct 29, 2015risk 0.00cvss —epss 0.02
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2015-7859Oct 29, 2015risk 0.00cvss —epss 0.02
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2015-6939Sep 18, 2015risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-5397Jul 14, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
- CVE-2015-4654Jun 18, 2015risk 0.00cvss —epss 0.01
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
- CVE-2012-2413Oct 20, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.
- CVE-2014-7984Oct 8, 2014risk 0.00cvss —epss 0.02
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
- CVE-2014-7983Oct 8, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-7982Oct 8, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-7229Oct 8, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
- CVE-2014-6632Oct 8, 2014risk 0.00cvss —epss 0.02
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
- CVE-2014-6631Oct 8, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-5583Dec 29, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
- CVE-2013-5576Oct 9, 2013risk 0.00cvss —epss 0.48
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename…
Page 14 of 20