Product:

Joomla\!

(Joomla)
Repositories https://github.com/joomla/joomla-cms
#Vulnerabilities 274
Date Id Summary Products Score Patch Annotated
2019-02-12 CVE-2019-7742 An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. Joomla\! 6.1
2019-02-12 CVE-2019-7741 An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. Joomla\! 6.1
2019-02-12 CVE-2019-7740 An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. Joomla\! 6.1
2019-02-12 CVE-2019-7739 An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this. Joomla\! 6.1
2019-01-16 CVE-2019-6264 An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. Joomla\! 6.1
2019-01-16 CVE-2019-6263 An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. Joomla\! 4.8
2019-01-16 CVE-2019-6262 An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. Joomla\! 5.4
2019-01-16 CVE-2019-6261 An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. Joomla\! 6.1
2019-04-10 CVE-2019-10946 An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users. Joomla\! 7.5
2019-04-10 CVE-2019-10945 An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. Joomla\! 9.8