Joomla

All CVEs

1,051 total · sorted by risk
  • CVE-2019-9712 · Mar 12, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.

  • CVE-2019-9714 · Mar 12, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.

  • CVE-2019-9711 · Mar 12, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.

  • CVE-2019-9713 · Mar 12, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.

  • CVE-2019-7739 · Feb 12, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain…

  • CVE-2019-7741 · Feb 12, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.

  • CVE-2019-7744 · Feb 12, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.

  • CVE-2019-7740 · Feb 12, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.

  • CVE-2019-7743 · Feb 12, 2019
    risk 0.00 · cvss · epss 0.03

    An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non-.phar files.

  • CVE-2019-7742 · Feb 12, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.

  • CVE-2019-6262 · Jan 16, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.

  • CVE-2019-6261 · Jan 16, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.

  • CVE-2019-6264 · Jan 16, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

  • CVE-2015-8565 · Dec 16, 2015
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2015-8564 · Dec 16, 2015
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.

  • CVE-2015-8563 · Dec 16, 2015
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2015-7899 · Oct 29, 2015
    risk 0.00 · cvss · epss 0.02

    The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-7859 · Oct 29, 2015
    risk 0.00 · cvss · epss 0.02

    The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-6939 · Sep 18, 2015
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-5397 · Jul 14, 2015
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.

  • CVE-2015-4654 · Jun 18, 2015
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.

  • CVE-2014-3863 · Oct 20, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the filename parameter in a file upload in an active JChat chat window.

  • CVE-2012-2413 · Oct 20, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

  • CVE-2014-7984 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.02

    Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.

  • CVE-2014-7983 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-7982 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-7229 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.

  • CVE-2014-6632 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.02

    Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.

  • CVE-2014-6631 · Oct 8, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-5956 · Apr 25, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.

  • CVE-2013-5955 · Mar 19, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter in an edit action to administrator/index.php.

  • CVE-2013-5953 · Mar 19, 2014
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2)…

  • CVE-2013-3933 · Feb 11, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name parameter to index.php.

  • CVE-2013-5583 · Dec 29, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

  • CVE-2013-5576 · Oct 9, 2013
    risk 0.00 · cvss · epss 0.48

    administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename…

  • CVE-2013-3267 · May 3, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-3059 · May 3, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-3058 · May 3, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-3057 · May 3, 2013
    risk 0.00 · cvss · epss 0.01

    Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.

  • CVE-2013-3056 · May 3, 2013
    risk 0.00 · cvss · epss 0.02

    Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.

  • CVE-2013-1455 · Feb 13, 2013
    risk 0.00 · cvss · epss 0.01

    Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."

  • CVE-2013-1454 · Feb 13, 2013
    risk 0.00 · cvss · epss 0.01

    Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."

  • CVE-2012-1599 · Dec 3, 2012
    risk 0.00 · cvss · epss 0.01

    Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.

  • CVE-2012-1598 · Dec 3, 2012
    risk 0.00 · cvss · epss 0.01

    Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."

  • CVE-2012-5827 · Nov 11, 2012
    risk 0.00 · cvss · epss 0.01

    Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."

  • CVE-2012-4532 · Oct 31, 2012
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are…

  • CVE-2012-4531 · Oct 31, 2012
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-5455 · Oct 22, 2012
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."

  • CVE-2011-4911 · Oct 7, 2012
    risk 0.00 · cvss · epss 0.02

    Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.

  • CVE-2011-4910 · Oct 7, 2012
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
