Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Joomla\!
(Joomla)Repositories | https://github.com/joomla/joomla-cms |
#Vulnerabilities | 254 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-06-11 | CVE-2019-12766 | An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors. | Joomla\! | 6.1 | ||
2022-08-31 | CVE-2022-27911 | An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes. | Joomla\! | 5.3 | ||
2021-03-04 | CVE-2021-26027 | An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article. | Joomla\! | 5.3 | ||
2021-03-04 | CVE-2021-26029 | An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field. | Joomla\! | 5.3 | ||
2022-03-30 | CVE-2022-23793 | An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path. | Joomla\! | 7.5 | ||
2022-03-30 | CVE-2022-23794 | An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. | Joomla\! | 5.3 | ||
2022-03-30 | CVE-2022-23795 | An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. | Joomla\! | 9.8 | ||
2022-03-30 | CVE-2022-23796 | An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. | Joomla\! | 6.1 | ||
2022-03-30 | CVE-2022-23797 | An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. | Joomla\! | 9.8 | ||
2022-03-30 | CVE-2022-23798 | An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. | Joomla\! | 6.1 |