Product: Joomla! (Joomla)
Repositories: https://github.com/joomla/joomla-cms
Number of vulnerabilities: 254
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-04 | CVE-2021-23126 | An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret. | Joomla! | 5.3 | | |
| 2023-05-30 | CVE-2023-23754 | An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. | Joomla! | 6.1 | | |
| 2023-05-30 | CVE-2023-23755 | An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. | Joomla! | 7.5 | | |
| 2023-02-01 | CVE-2023-23751 | An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | Joomla! | 4.3 | | |
| 2023-02-01 | CVE-2023-23750 | An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | Joomla! | 6.3 | | |
| 2019-06-11 | CVE-2019-12764 | An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users. | Joomla! | 6.5 | | |
| 2019-06-11 | CVE-2019-12765 | An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection. | Joomla! | 9.8 | | |
| 2019-06-11 | CVE-2019-12766 | An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors. | Joomla! | 6.1 | | |
| 2022-08-31 | CVE-2022-27911 | An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes. | Joomla! | 5.3 | | |
| 2021-03-04 | CVE-2021-26027 | An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article. | Joomla! | 5.3 | | |