Joomla!
by Joomla
CVEs (393)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-0373 | | | 0.01 | — | 0.12 | | Jan 19, 2007 | Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter… |
| CVE-2025-63082 | | | 0.00 | — | 0.00 | | Jan 6, 2026 | Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags. |
| CVE-2025-63083 | | | 0.00 | — | 0.00 | | Jan 6, 2026 | Lack of output escaping leads to a XSS vector in the pagebreak plugin. |
| CVE-2025-25227 | | | 0.00 | — | 0.00 | | Apr 8, 2025 | Insufficient state checks lead to a vector that allows to bypass 2FA checks. |
| CVE-2024-40749 | | | 0.00 | — | 0.00 | | Jan 7, 2025 | Improper Access Controls allows access to protected views. |
| CVE-2024-40747 | | | 0.00 | — | 0.00 | | Jan 7, 2025 | Various module chromes didn't properly process inputs, leading to XSS vectors. |
| CVE-2024-40748 | | | 0.00 | — | 0.00 | | Jan 7, 2025 | Lack of output escaping in the id attribute of menu lists. |
| CVE-2024-27185 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. |
| CVE-2024-27186 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions. |
| CVE-2024-27184 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. |
| CVE-2024-40743 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors. |
| CVE-2024-27187 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | Improper Access Controls allows backend users to overwrite their username when disallowed. |
| CVE-2024-21729 | | | 0.00 | — | 0.00 | | Jul 9, 2024 | Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. |
| CVE-2024-21730 | | | 0.00 | — | 0.00 | | Jul 9, 2024 | The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. |
| CVE-2024-26279 | | | 0.00 | — | 0.00 | | Jul 9, 2024 | The wrapper extensions do not correctly validate inputs, leading to XSS vectors. |
| CVE-2024-26278 | | | 0.00 | — | 0.00 | | Jul 9, 2024 | The Custom Fields component not correctly filter inputs, leading to a XSS vector. |
| CVE-2024-21731 | | | 0.00 | — | 0.00 | | Jul 9, 2024 | Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. |
| CVE-2024-21723 | | | 0.00 | — | 0.01 | | Feb 20, 2024 | Inadequate parsing of URLs could result into an open redirect. |
| CVE-2024-21725 | | | 0.00 | — | 0.32 | | Feb 20, 2024 | Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components. |
| CVE-2024-21724 | | | 0.00 | — | 0.01 | | Feb 20, 2024 | Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions. |