VYPR

com_users

by Joomla

CVEs (2)

  • CVE-2026-35220MedMay 26, 2026
    risk 0.28cvss 4.3epss 0.00

    Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.

  • CVE-2009-1940Jun 5, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.