VYPR · Vendor CVEs · Joomla

All CVEs

1,051 total · sorted by risk
  • CVE-2020-15696 · Jul 15, 2020 · risk 0.00 · cvss n/a · epss 0.03

    An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.

  • CVE-2020-15695 · Jul 15, 2020 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.

  • CVE-2020-13760 · Jun 2, 2020 · risk 0.00 · cvss n/a · epss 0.01

    In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.

  • CVE-2020-13761 · Jun 2, 2020 · risk 0.00 · cvss n/a · epss 0.01

    In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.

  • CVE-2020-13762 · Jun 2, 2020 · risk 0.00 · cvss n/a · epss 0.01

    In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.

  • CVE-2020-13763 · Jun 2, 2020 · risk 0.00 · cvss n/a · epss 0.01

    In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.

  • CVE-2020-11891 · Apr 21, 2020 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.

  • CVE-2020-11889 · Apr 21, 2020 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

  • CVE-2020-11890 · Apr 21, 2020 · risk 0.00 · cvss n/a · epss 0.03

    An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.

  • CVE-2020-10243 · Mar 16, 2020 · risk 0.00 · cvss n/a · epss 0.02

    An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.

  • CVE-2020-10242 · Mar 16, 2020 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.

  • CVE-2020-10241 · Mar 16, 2020 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.

  • CVE-2020-10240 · Mar 16, 2020 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.

  • CVE-2015-7339 · Mar 9, 2020 · risk 0.00 · cvss n/a · epss 0.01

    JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.

  • CVE-2015-2062 · Feb 8, 2020 · risk 0.00 · cvss n/a · epss 0.02

    Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to…

  • CVE-2011-1151 · Feb 5, 2020 · risk 0.00 · cvss n/a · epss 0.02

    Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.

  • CVE-2011-4912 · Feb 4, 2020 · risk 0.00 · cvss n/a · epss 0.01

    Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

  • CVE-2011-3629 · Feb 4, 2020 · risk 0.00 · cvss n/a · epss 0.01

    Joomla! core 1.7.1 allows information disclosure due to weak encryption.

  • CVE-2011-4937 · Feb 4, 2020 · risk 0.00 · cvss n/a · epss 0.02

    Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

  • CVE-2020-8419 · Jan 28, 2020 · risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.

  • CVE-2020-8421 · Jan 28, 2020 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.

  • CVE-2020-8420 · Jan 28, 2020 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.

  • CVE-2011-3595 · Jan 22, 2020 · risk 0.00 · cvss n/a · epss 0.01

    Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.

  • CVE-2011-4907 · Jan 15, 2020 · risk 0.00 · cvss n/a · epss 0.01

    Joomla! 1.5x through 1.5.12: Missing JEXEC Check.

  • CVE-2012-1562 · Jan 15, 2020 · risk 0.00 · cvss n/a · epss 0.01

    Joomla! core before 2.5.3 allows unauthorized password change.

  • CVE-2019-20212 · Jan 13, 2020 · risk 0.00 · cvss n/a · epss 0.03

    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.

  • CVE-2019-20211 · Jan 13, 2020 · risk 0.00 · cvss n/a · epss 0.03

    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address,…

  • CVE-2019-20210 · Jan 13, 2020 · risk 0.00 · cvss n/a · epss 0.03

    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.

  • CVE-2019-20209 · Jan 13, 2020 · risk 0.00 · cvss n/a · epss 0.03

    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.

  • CVE-2013-3932 · Jan 2, 2020 · risk 0.00 · cvss n/a · epss 0.02

    SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php.

  • CVE-2013-3931 · Jan 2, 2020 · risk 0.00 · cvss n/a · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property…

  • CVE-2019-17527 · Dec 19, 2019 · risk 0.00 · cvss n/a · epss 0.01

    dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.

  • CVE-2019-19846 · Dec 18, 2019 · risk 0.00 · cvss n/a · epss 0.02

    In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.

  • CVE-2019-19845 · Dec 18, 2019 · risk 0.00 · cvss n/a · epss 0.01

    In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.

  • CVE-2019-18650 · Nov 6, 2019 · risk 0.00 · cvss n/a · epss 0.00

    An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.

  • CVE-2019-18674 · Nov 6, 2019 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.

  • CVE-2015-9487 · Oct 11, 2019 · risk 0.00 · cvss n/a · epss 0.03

    The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

  • CVE-2019-15028 · Aug 14, 2019 · risk 0.00 · cvss n/a · epss 0.01

    In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.

  • CVE-2019-14654 · Aug 5, 2019 · risk 0.00 · cvss n/a · epss 0.02

    In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.

  • CVE-2019-12869 · Jun 24, 2019 · risk 0.00 · cvss n/a · epss 0.04

    An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to…

  • CVE-2019-12870 · Jun 24, 2019 · risk 0.00 · cvss n/a · epss 0.04

    An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an…

  • CVE-2019-12871 · Jun 24, 2019 · risk 0.00 · cvss n/a · epss 0.04

    An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC…

  • CVE-2018-17374 · Jun 19, 2019 · risk 0.00 · cvss n/a · epss 0.02

    SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17381 · Jun 19, 2019 · risk 0.00 · cvss n/a · epss 0.02

    SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17386 · Jun 19, 2019 · risk 0.00 · cvss n/a · epss 0.02

    SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.

  • CVE-2018-17399 · Jun 19, 2019 · risk 0.00 · cvss n/a · epss 0.02

    SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.

  • CVE-2019-12766 · Jun 11, 2019 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.

  • CVE-2019-12764 · Jun 11, 2019 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.

  • CVE-2019-11809 · May 20, 2019 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.

  • CVE-2019-10946 · Apr 10, 2019 · risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.

Page 17 of 22