Joomla!
by Joomla
Source repositories
CVEs (393)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3267 | 0.00 | — | 0.01 | May 3, 2013 | Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-3059 | 0.00 | — | 0.01 | May 3, 2013 | Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-3058 | 0.00 | — | 0.01 | May 3, 2013 | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-3057 | 0.00 | — | 0.01 | May 3, 2013 | Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. | |||
| CVE-2013-3056 | 0.00 | — | 0.02 | May 3, 2013 | Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors. | |||
| CVE-2013-1455 | 0.00 | — | 0.01 | Feb 13, 2013 | Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." | |||
| CVE-2013-1454 | 0.00 | — | 0.01 | Feb 13, 2013 | Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors." | |||
| CVE-2012-1599 | 0.00 | — | 0.01 | Dec 3, 2012 | Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611. | |||
| CVE-2012-1598 | 0.00 | — | 0.01 | Dec 3, 2012 | Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." | |||
| CVE-2012-5827 | 0.00 | — | 0.01 | Nov 11, 2012 | Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." | |||
| CVE-2012-4532 | 0.00 | — | 0.01 | Oct 31, 2012 | Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are… | |||
| CVE-2012-4531 | 0.00 | — | 0.02 | Oct 31, 2012 | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5455 | 0.00 | — | 0.02 | Oct 22, 2012 | Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." | |||
| CVE-2011-4911 | 0.00 | — | 0.02 | Oct 7, 2012 | Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. | |||
| CVE-2011-4910 | 0.00 | — | 0.01 | Oct 7, 2012 | Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2012-1117 | 0.00 | — | 0.01 | Sep 26, 2012 | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1612 | 0.00 | — | 0.01 | Sep 6, 2012 | Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-1611 | 0.00 | — | 0.01 | Sep 6, 2012 | Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599. | |||
| CVE-2012-0837 | 0.00 | — | 0.01 | Sep 6, 2012 | Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." | |||
| CVE-2012-0836 | 0.00 | — | 0.01 | Sep 6, 2012 | Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. |
- CVE-2013-3267May 3, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-3059May 3, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-3058May 3, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-3057May 3, 2013risk 0.00cvss —epss 0.01
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
- CVE-2013-3056May 3, 2013risk 0.00cvss —epss 0.02
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
- CVE-2013-1455Feb 13, 2013risk 0.00cvss —epss 0.01
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
- CVE-2013-1454Feb 13, 2013risk 0.00cvss —epss 0.01
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
- CVE-2012-1599Dec 3, 2012risk 0.00cvss —epss 0.01
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
- CVE-2012-1598Dec 3, 2012risk 0.00cvss —epss 0.01
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
- CVE-2012-5827Nov 11, 2012risk 0.00cvss —epss 0.01
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
- CVE-2012-4532Oct 31, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are…
- CVE-2012-4531Oct 31, 2012risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-5455Oct 22, 2012risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
- CVE-2011-4911Oct 7, 2012risk 0.00cvss —epss 0.02
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
- CVE-2011-4910Oct 7, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
- CVE-2012-1117Sep 26, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-1612Sep 6, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-1611Sep 6, 2012risk 0.00cvss —epss 0.01
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
- CVE-2012-0837Sep 6, 2012risk 0.00cvss —epss 0.01
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
- CVE-2012-0836Sep 6, 2012risk 0.00cvss —epss 0.01
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.
Page 15 of 20