cvebase

Joomla! vulnerabilities

296 known vulnerabilities affecting joomla/joomla_!.

Total CVEs: 296
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38, HIGH 74, MEDIUM 182, LOW 2

Vulnerabilities

Page 10 of 15
CVE-2020-15699 | P4 | MEDIUM | CVSS 5.3 | ≥ 2.5.0, ≤ 3.9.19 | 2020-07-15
CVE-2020-15699 [MEDIUM] CWE-345: An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
nvd
CVE-2011-4321 | P4 | MEDIUM | CVSS 5.0 | v1.5.0, v1.5.1, +23 more | 2011-11-23
CVE-2011-4321 [MEDIUM] CWE-310: The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.
nvd
CVE-2018-6378 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.8.8 | 2018-05-22
CVE-2018-6378 [MEDIUM] CWE-79: In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
nvd
CVE-2020-13761 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.0.1, < 3.9.19; v3.0.0 | 2020-06-02
CVE-2020-13761 [MEDIUM] CWE-79: In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.
nvd
CVE-2020-13762 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.9.0, < 3.9.19 | 2020-06-02
CVE-2020-13762 [MEDIUM] CWE-79: In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.
nvd
CVE-2020-8421 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.9.0, < 3.9.14 | 2020-01-28
CVE-2020-8421 [MEDIUM] CWE-79: An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
nvd
CVE-2021-23130 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.5.0, < 3.9.25 | 2021-03-04
CVE-2021-23130 [MEDIUM] CWE-79: An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to XSS issues.
nvd
CVE-2021-23129 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.5.0, < 3.9.25 | 2021-03-04
CVE-2021-23129 [MEDIUM] CWE-79: An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages shown to users could lead to XSS issues.
nvd
CVE-2019-12766 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.6.0, ≤ 3.9.6 | 2019-06-11
CVE-2019-12766 [MEDIUM] CWE-79: An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
nvd
CVE-2019-7744 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.5.0, ≤ 3.9.2 | 2019-02-12
CVE-2019-7744 [MEDIUM] CWE-79: An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
nvd
CVE-2019-7740 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.5.0, ≤ 3.9.2 | 2019-02-12
CVE-2019-7740 [MEDIUM] CWE-79: An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.
nvd
CVE-2017-7987 | P4 | MEDIUM | CVSS 6.1 | v3.2.0, v3.2.1, +26 more | 2017-04-25
CVE-2017-7987 [MEDIUM] CWE-79: In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
nvd
CVE-2017-7984 | P4 | MEDIUM | CVSS 6.1 | v3.2.0, v3.2.1, +26 more | 2017-04-25
CVE-2017-7984 [MEDIUM] CWE-79: In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
nvd
CVE-2019-16725 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.0.0, < 3.9.12 | 2019-09-24
CVE-2019-16725 [MEDIUM] CWE-79: In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
nvd
CVE-2022-23801 | P4 | MEDIUM | CVSS 6.1 | ≥ 4.0.0, ≤ 4.1.0 | 2022-03-30
CVE-2022-23801 [MEDIUM] CWE-79: An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media.
nvd
CVE-2024-40747 | P4 | MEDIUM | CVSS 6.1 | ≥ 4.0.0, < 4.4.10; ≥ 5.0.0, < 5.2.3 | 2025-01-07
CVE-2024-40747 [MEDIUM] CWE-79: Various module chromes didn't properly process inputs, leading to XSS vectors.
nvd
CVE-2024-27184 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.4.6, < 3.10.17; ≥ 4.0.0, < 4.4.7; +1 more | 2024-08-20
CVE-2024-27184 [MEDIUM] CWE-601: Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
nvd
CVE-2009-3945 | P4 | MEDIUM | CVSS 5.5 | ≤ 1.5.14; v1.5.0, +13 more | 2009-11-16
CVE-2009-3945 [MEDIUM]: Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors.
nvd
CVE-2015-7859 | P4 | MEDIUM | CVSS 5.0 | v3.2.0, v3.2.1, +13 more | 2015-10-29
CVE-2015-7859 [MEDIUM] CWE-200: The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2015-7899 | P4 | MEDIUM | CVSS 5.0 | v3.2.0, v3.2.1, +13 more | 2015-10-29
CVE-2015-7899 [MEDIUM] CWE-284: The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
nvd