Joomla! vulnerabilities
296 known vulnerabilities affecting joomla/joomla_!.
Total CVEs: 296
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38, HIGH 74, MEDIUM 182, LOW 2
Vulnerabilities
Page 11 of 15
CVE-2021-26029 | P4 | MEDIUM | CVSS 5.3 | ≥ 1.6.0, < 3.9.25 | 2021-03-04
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow the author field to be overwritten.
nvd
CVE-2021-23123 | P4 | MEDIUM | CVSS 5.3 | CWE-862 | ≥ 3.0.0, ≤ 3.9.23 | 2021-01-12
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules.
nvd
CVE-2021-26027 | P4 | MEDIUM | CVSS 5.3 | CWE-863 | ≥ 3.0.0, < 3.9.25 | 2021-03-04
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
nvd
CVE-2019-15028 | P4 | MEDIUM | CVSS 5.3 | ≥ 1.6.2, < 3.9.11 | 2019-08-14
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
nvd
CVE-2022-23794 | P4 | MEDIUM | CVSS 5.3 | CWE-209 | ≥ 3.0.0, ≤ 3.10.6; ≥ 4.0.0, ≤ 4.1.0 | 2022-03-30
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of excessive length causes an error. The resulting error screen shows the path of the source code of the web application.
nvd
CVE-2019-6262 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 2.5.0, < 3.9.2 | 2019-01-16
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
nvd
CVE-2011-4912 | P4 | MEDIUM | CVSS 5.3 | CWE-732 | ≥ 1.5.0, ≤ 1.5.13 | 2020-02-04
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.
nvd
CVE-2011-4911 | P4 | MEDIUM | CVSS 5.0 | CWE-20 | ≤ 1.5.11; v1.5.0 (+10 more) | 2012-10-07
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
nvd
CVE-2022-27912 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | ≥ 4.0.0, ≤ 4.2.3 | 2022-10-25
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
nvd
CVE-2022-27911 | P4 | MEDIUM | CVSS 5.3 | v4.2.0 | 2022-08-31
An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.
nvd
CVE-2026-21632 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 3.0.0, < 5.4.4; ≥ 6.0.0, < 6.0.4 | 2026-04-01
Lack of output escaping for article titles leads to XSS vectors in various locations.
nvd
CVE-2017-7985 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.5.0, ≤ 3.6.5 | 2017-04-25
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
nvd
CVE-2021-26032 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, ≤ 3.9.26 | 2021-05-26
An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
nvd
CVE-2021-23125 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.1.0, ≤ 3.9.23 | 2021-01-12
An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors.
nvd
CVE-2019-9712 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.2.0, < 3.9.4 | 2019-03-12
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.
nvd
CVE-2022-23800 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.0.0, ≤ 4.1.0 | 2022-03-30
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
nvd
CVE-2022-27914 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.0.0, < 4.2.5 | 2022-11-08
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
nvd
CVE-2024-26278 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.7.0, < 3.10.16; ≥ 4.0.0, < 4.4.6 (+1 more) | 2024-07-09
The Custom Fields component does not correctly filter inputs, leading to an XSS vector.
nvd
CVE-2023-23754 | P4 | MEDIUM | CVSS 6.1 | CWE-20 | ≥ 4.2.0, < 4.3.2 | 2023-05-30
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new MFA selection screen.
nvd
CVE-2022-27913 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.0.0, ≤ 4.2.3 | 2022-10-25
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
nvd