Joomla Joomla-Cms vulnerabilities

8 known vulnerabilities affecting joomla/joomla-cms.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 4, LOW 2

Vulnerabilities

CVE-2025-25227 | HIGH | ≥ 5.0.0, < 5.2.6; ≥ 4.0.0, < 4.4.13 | 2025-04-08
CVE-2025-25227 [HIGH] CWE-287 Joomla CMS Multi-Factor Authentication Bypass: Insufficient state checks lead to a vector that allows bypassing 2FA checks.
Sources: GHSA, OSV
CVE-2019-16725 | MEDIUM | ≥ 3.0.0, < 3.9.12 | 2022-05-24
CVE-2019-16725 [MEDIUM] CWE-79 Joomla! XSS in Default Templates: In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Sources: GHSA, OSV
CVE-2013-5583 | LOW | ≥ 0, < 3.1.6 | 2022-05-17
CVE-2013-5583 [LOW] CWE-79 Joomla! Cross-site Scripting vulnerability: Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Sources: GHSA, OSV
CVE-2011-4332 | LOW | ≥ 0, < 1.6.4 | 2022-05-17
CVE-2011-4332 [LOW] CWE-79 Joomla! vulnerable to Cross-site Scripting: Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sources: GHSA, OSV
CVE-2011-2509 | MEDIUM | ≥ 0, < 1.6.4 | 2022-05-14
CVE-2011-2509 [MEDIUM] CWE-79 Joomla! vulnerable to Cross-site Scripting: Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to t
Sources: GHSA, OSV
CVE-2010-1649 | MEDIUM | ≥ 1.5, < 1.5.18 | 2022-05-14
CVE-2010-1649 [MEDIUM] CWE-79 Joomla! vulnerable to Cross-site Scripting: Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.
Sources: GHSA, OSV
CVE-2018-11326 | MEDIUM | ≥ 3.0.0, < 3.8.8 | 2022-05-14
CVE-2018-11326 [MEDIUM] CWE-79 Joomla! XSS Vulnerability: An issue was discovered in Joomla! Core starting in 3.0.0 and prior to 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack.
Sources: GHSA, OSV
CVE-2019-7743 | CRITICAL | ≥ 2.5.0, < 3.9.3 | 2022-05-13
CVE-2019-7743 [CRITICAL] CWE-502 Joomla! Object Injection Vulnerability: An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files.
Sources: GHSA, OSV