VYPR

Joomla!

by Joomla

Source repositories

CVEs (393)

  • CVE-2026-21632MedApr 1, 2026
    risk 0.28cvss 5.4epss 0.00

    Lack of output escaping for article titles leads to XSS vectors in various locations.

  • CVE-2026-21631MedApr 1, 2026
    risk 0.28cvss 5.4epss 0.00

    Lack of output escaping leads to a XSS vector in the multilingual associations component.

  • CVE-2018-17859MedOct 9, 2018
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms.

  • CVE-2018-17857MedOct 9, 2018
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.

  • CVE-2018-15880MedAug 29, 2018
    risk 0.28cvss 5.4epss 0.01

    An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.

  • CVE-2018-11327MedMay 22, 2018
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.

  • CVE-2017-16633MedNov 10, 2017
    risk 0.28cvss 4.3epss 0.02

    In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

  • CVE-2025-54476MedSep 30, 2025
    risk 0.24cvss epss 0.00

    Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.

  • CVE-2017-14595LowSep 20, 2017
    risk 0.24cvss 3.7epss 0.02

    In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

  • CVE-2023-23752KEVFeb 16, 2023
    risk 0.16cvss epss 1.00

    An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

  • CVE-2015-8562Dec 16, 2015
    risk 0.11cvss epss 0.98

    Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

  • CVE-2015-7857Oct 29, 2015
    risk 0.11cvss epss 0.94

    SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.

  • CVE-2015-7297Oct 29, 2015
    risk 0.11cvss epss 1.00

    SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.

  • CVE-2015-7858Oct 29, 2015
    risk 0.10cvss epss 0.85

    SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.

  • CVE-2019-10945Apr 10, 2019
    risk 0.09cvss epss 0.38

    An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

  • CVE-2014-7228Nov 3, 2014
    risk 0.07cvss epss 0.55

    Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and…

  • CVE-2007-2199Apr 24, 2007
    risk 0.07cvss epss 0.47

    PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG…

  • CVE-2011-4906Feb 12, 2020
    risk 0.06cvss epss 0.10

    Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.

  • CVE-2007-5457Oct 14, 2007
    risk 0.06cvss epss 0.38

    Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1)…

  • CVE-2007-5451Oct 14, 2007
    risk 0.06cvss epss 0.31

    PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Page 5 of 20