Filtered by vendor Joomla
Filtered by product Joomla!
Total 583 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-23797 1 Joomla 1 Joomla! 2022-12-22 9.8 Critical
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on a request could result in a possible SQL injection.
CVE-2020-35613 1 Joomla 1 Joomla! 2022-12-22 9.8 Critical
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
CVE-2021-26031 1 Joomla 1 Joomla! 2022-12-22 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
CVE-2021-23123 1 Joomla 1 Joomla! 2022-12-22 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules.
CVE-2020-35614 1 Joomla 1 Joomla! 2022-12-22 5.3 Medium
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
CVE-2021-23131 1 Joomla 1 Joomla! 2022-12-22 7.5 High
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
CVE-2020-35610 1 Joomla 1 Joomla! 2022-12-22 7.5 High
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
CVE-2022-23794 1 Joomla 1 Joomla! 2022-12-22 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file with a name of excessive length causes an error. This error brings up a screen showing the path of the source code of the web application.
CVE-2022-23800 1 Joomla 1 Joomla! 2022-12-22 6.1 Medium
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
CVE-2021-23132 1 Joomla 1 Joomla! 2022-12-22 7.5 High
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads.
CVE-2021-26039 1 Joomla 1 Joomla! 2022-12-22 6.1 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability.
CVE-2020-35611 1 Joomla 1 Joomla! 2022-12-22 7.5 High
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values.
CVE-2020-35612 1 Joomla 1 Joomla! 2022-12-22 7.5 High
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
CVE-2021-26036 1 Joomla 1 Joomla! 2022-12-22 7.5 High
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
CVE-2021-26034 1 Joomla 1 Joomla! 2022-12-22 6.5 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
CVE-2021-23124 1 Joomla 1 Joomla! 2022-12-22 6.1 Medium
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
CVE-2021-23127 1 Joomla 1 Joomla! 2022-12-22 9.1 Critical
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226 of 10 bytes vs 20 bytes.
CVE-2022-23798 1 Joomla 1 Joomla! 2022-12-22 6.1 Medium
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
CVE-2009-4157 2 Joomla, Joomlatune 2 Joomla!, Com Proofreader 2022-10-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
CVE-2009-4785 2 Bhavesh Chauhan, Joomla 2 Com Quicknews, Joomla! 2022-10-03 N/A
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php.