VYPR

Joomla!

by Joomla

CVEs (393)

  • CVE-2007-0373 Jan 19, 2007
    risk 0.01 cvss epss 0.12

    Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter…

  • CVE-2025-63082 Jan 6, 2026
    risk 0.00 cvss epss 0.00

    Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.

  • CVE-2025-63083 Jan 6, 2026
    risk 0.00 cvss epss 0.00

    Lack of output escaping leads to an XSS vector in the pagebreak plugin.

  • CVE-2025-25227 Apr 8, 2025
    risk 0.00 cvss epss 0.00

    Insufficient state checks lead to a vector that allows bypassing 2FA checks.

  • CVE-2024-40749 Jan 7, 2025
    risk 0.00 cvss epss 0.00

    Improper access controls allow access to protected views.

  • CVE-2024-40747 Jan 7, 2025
    risk 0.00 cvss epss 0.00

    Various module chromes didn't properly process inputs, leading to XSS vectors.

  • CVE-2024-40748 Jan 7, 2025
    risk 0.00 cvss epss 0.00

    Lack of output escaping in the id attribute of menu lists.

  • CVE-2024-27185 Aug 20, 2024
    risk 0.00 cvss epss 0.00

    The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.

  • CVE-2024-27186 Aug 20, 2024
    risk 0.00 cvss epss 0.00

    The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.

  • CVE-2024-27184 Aug 20, 2024
    risk 0.00 cvss epss 0.00

    Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.

  • CVE-2024-40743 Aug 20, 2024
    risk 0.00 cvss epss 0.00

    The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.

  • CVE-2024-27187 Aug 20, 2024
    risk 0.00 cvss epss 0.00

    Improper access controls allow backend users to overwrite their username when disallowed.

  • CVE-2024-21729 Jul 9, 2024
    risk 0.00 cvss epss 0.00

    Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.

  • CVE-2024-21730 Jul 9, 2024
    risk 0.00 cvss epss 0.00

    The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.

  • CVE-2024-26279 Jul 9, 2024
    risk 0.00 cvss epss 0.00

    The wrapper extensions do not correctly validate inputs, leading to XSS vectors.

  • CVE-2024-26278 Jul 9, 2024
    risk 0.00 cvss epss 0.00

    The Custom Fields component does not correctly filter inputs, leading to an XSS vector.

  • CVE-2024-21731 Jul 9, 2024
    risk 0.00 cvss epss 0.00

    Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.

  • CVE-2024-21723 Feb 20, 2024
    risk 0.00 cvss epss 0.01

    Inadequate parsing of URLs could result in an open redirect.

  • CVE-2024-21725 Feb 20, 2024
    risk 0.00 cvss epss 0.32

    Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.

  • CVE-2024-21724 Feb 20, 2024
    risk 0.00 cvss epss 0.01

    Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.
