Vendor CVEs
Joomla
All CVEs
1,051 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9712 | 0.00 | — | 0.01 | Mar 12, 2019 | An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. | |||
| CVE-2019-9714 | 0.00 | — | 0.01 | Mar 12, 2019 | An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. | |||
| CVE-2019-9711 | 0.00 | — | 0.01 | Mar 12, 2019 | An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. | |||
| CVE-2019-9713 | 0.00 | — | 0.02 | Mar 12, 2019 | An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access. | |||
| CVE-2019-7739 | 0.00 | — | 0.01 | Feb 12, 2019 | An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain… | |||
| CVE-2019-7741 | 0.00 | — | 0.01 | Feb 12, 2019 | An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | |||
| CVE-2019-7744 | 0.00 | — | 0.01 | Feb 12, 2019 | An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | |||
| CVE-2019-7740 | 0.00 | — | 0.01 | Feb 12, 2019 | An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | |||
| CVE-2019-7743 | 0.00 | — | 0.03 | Feb 12, 2019 | An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. | |||
| CVE-2019-7742 | 0.00 | — | 0.01 | Feb 12, 2019 | An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | |||
| CVE-2019-6262 | 0.00 | — | 0.01 | Jan 16, 2019 | An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. | |||
| CVE-2019-6261 | 0.00 | — | 0.01 | Jan 16, 2019 | An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. | |||
| CVE-2019-6264 | 0.00 | — | 0.01 | Jan 16, 2019 | An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. | |||
| CVE-2015-8565 | 0.00 | — | 0.03 | Dec 16, 2015 | Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2015-8564 | 0.00 | — | 0.03 | Dec 16, 2015 | Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. | |||
| CVE-2015-8563 | 0.00 | — | 0.01 | Dec 16, 2015 | Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2015-7899 | 0.00 | — | 0.02 | Oct 29, 2015 | The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-7859 | 0.00 | — | 0.02 | Oct 29, 2015 | The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-6939 | 0.00 | — | 0.03 | Sep 18, 2015 | Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5397 | 0.00 | — | 0.01 | Jul 14, 2015 | Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. | |||
| CVE-2015-4654 | 0.00 | — | 0.01 | Jun 18, 2015 | SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. | |||
| CVE-2014-3863 | 0.00 | — | 0.02 | Oct 20, 2014 | Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the filename parameter in a file upload in an active JChat chat window. | |||
| CVE-2012-2413 | 0.00 | — | 0.01 | Oct 20, 2014 | Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. | |||
| CVE-2014-7984 | 0.00 | — | 0.02 | Oct 8, 2014 | Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. | |||
| CVE-2014-7983 | 0.00 | — | 0.01 | Oct 8, 2014 | Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-7982 | 0.00 | — | 0.01 | Oct 8, 2014 | Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-7229 | 0.00 | — | 0.01 | Oct 8, 2014 | Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2014-6632 | 0.00 | — | 0.02 | Oct 8, 2014 | Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. | |||
| CVE-2014-6631 | 0.00 | — | 0.01 | Oct 8, 2014 | Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5956 | 0.00 | — | 0.02 | Apr 25, 2014 | Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter. | |||
| CVE-2013-5955 | 0.00 | — | 0.02 | Mar 19, 2014 | Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php. | |||
| CVE-2013-5953 | 0.00 | — | 0.02 | Mar 19, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2)… | |||
| CVE-2013-3933 | 0.00 | — | 0.01 | Feb 11, 2014 | Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name parameter to index.php. | |||
| CVE-2013-5583 | 0.00 | — | 0.01 | Dec 29, 2013 | Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||
| CVE-2013-5576 | 0.00 | — | 0.48 | Oct 9, 2013 | administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename… | |||
| CVE-2013-3267 | 0.00 | — | 0.01 | May 3, 2013 | Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-3059 | 0.00 | — | 0.01 | May 3, 2013 | Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-3058 | 0.00 | — | 0.01 | May 3, 2013 | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-3057 | 0.00 | — | 0.01 | May 3, 2013 | Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. | |||
| CVE-2013-3056 | 0.00 | — | 0.02 | May 3, 2013 | Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors. | |||
| CVE-2013-1455 | 0.00 | — | 0.01 | Feb 13, 2013 | Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." | |||
| CVE-2013-1454 | 0.00 | — | 0.01 | Feb 13, 2013 | Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors." | |||
| CVE-2012-1599 | 0.00 | — | 0.01 | Dec 3, 2012 | Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611. | |||
| CVE-2012-1598 | 0.00 | — | 0.01 | Dec 3, 2012 | Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." | |||
| CVE-2012-5827 | 0.00 | — | 0.01 | Nov 11, 2012 | Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." | |||
| CVE-2012-4532 | 0.00 | — | 0.01 | Oct 31, 2012 | Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are… | |||
| CVE-2012-4531 | 0.00 | — | 0.02 | Oct 31, 2012 | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-5455 | 0.00 | — | 0.02 | Oct 22, 2012 | Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." | |||
| CVE-2011-4911 | 0.00 | — | 0.02 | Oct 7, 2012 | Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. | |||
| CVE-2011-4910 | 0.00 | — | 0.01 | Oct 7, 2012 | Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
- CVE-2019-9712Mar 12, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.
- CVE-2019-9714Mar 12, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.
- CVE-2019-9711Mar 12, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.
- CVE-2019-9713Mar 12, 2019risk 0.00cvss —epss 0.02
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.
- CVE-2019-7739Feb 12, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain…
- CVE-2019-7741Feb 12, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.
- CVE-2019-7744Feb 12, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
- CVE-2019-7740Feb 12, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.
- CVE-2019-7743Feb 12, 2019risk 0.00cvss —epss 0.03
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files.
- CVE-2019-7742Feb 12, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.
- CVE-2019-6262Jan 16, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
- CVE-2019-6261Jan 16, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.
- CVE-2019-6264Jan 16, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
- CVE-2015-8565Dec 16, 2015risk 0.00cvss —epss 0.03
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
- CVE-2015-8564Dec 16, 2015risk 0.00cvss —epss 0.03
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
- CVE-2015-8563Dec 16, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2015-7899Oct 29, 2015risk 0.00cvss —epss 0.02
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2015-7859Oct 29, 2015risk 0.00cvss —epss 0.02
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2015-6939Sep 18, 2015risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-5397Jul 14, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
- CVE-2015-4654Jun 18, 2015risk 0.00cvss —epss 0.01
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
- CVE-2014-3863Oct 20, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the filename parameter in a file upload in an active JChat chat window.
- CVE-2012-2413Oct 20, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.
- CVE-2014-7984Oct 8, 2014risk 0.00cvss —epss 0.02
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
- CVE-2014-7983Oct 8, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-7982Oct 8, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-7229Oct 8, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
- CVE-2014-6632Oct 8, 2014risk 0.00cvss —epss 0.02
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
- CVE-2014-6631Oct 8, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-5956Apr 25, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.
- CVE-2013-5955Mar 19, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.
- CVE-2013-5953Mar 19, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2)…
- CVE-2013-3933Feb 11, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name parameter to index.php.
- CVE-2013-5583Dec 29, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
- CVE-2013-5576Oct 9, 2013risk 0.00cvss —epss 0.48
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename…
- CVE-2013-3267May 3, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-3059May 3, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-3058May 3, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-3057May 3, 2013risk 0.00cvss —epss 0.01
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
- CVE-2013-3056May 3, 2013risk 0.00cvss —epss 0.02
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
- CVE-2013-1455Feb 13, 2013risk 0.00cvss —epss 0.01
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
- CVE-2013-1454Feb 13, 2013risk 0.00cvss —epss 0.01
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
- CVE-2012-1599Dec 3, 2012risk 0.00cvss —epss 0.01
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
- CVE-2012-1598Dec 3, 2012risk 0.00cvss —epss 0.01
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
- CVE-2012-5827Nov 11, 2012risk 0.00cvss —epss 0.01
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
- CVE-2012-4532Oct 31, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are…
- CVE-2012-4531Oct 31, 2012risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-5455Oct 22, 2012risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
- CVE-2011-4911Oct 7, 2012risk 0.00cvss —epss 0.02
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
- CVE-2011-4910Oct 7, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Page 18 of 22