Joomla! vulnerabilities
296 known vulnerabilities affecting joomla/joomla_!.
Total CVEs: 296
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38, HIGH 74, MEDIUM 182, LOW 2
Vulnerabilities
Page 12 of 15
CVE-2024-40743 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, < 3.10.17; ≥ 4.0.0, < 4.4.6; +1 more | 2024-08-20
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
nvd
CVE-2021-26028 | P4 | MEDIUM | CVSS 5.5 | CWE-22 | ≥ 3.0.0, < 3.9.25 | 2021-03-04
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specifically crafted zip package could write files outside of the intended path.
nvd
CVE-2017-7983 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | v1.5.0, v1.5.1, +105 more | 2017-04-25
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
nvd
CVE-2012-0819 | P4 | MEDIUM | CVSS 5.0 | v1.6, v1.6.0, +9 more | 2012-09-06
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.
nvd
CVE-2012-0821 | P4 | MEDIUM | CVSS 5.0 | v1.6, v1.6.0, +9 more | 2012-09-06
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.
nvd
CVE-2017-7988 | P4 | MEDIUM | CVSS 5.3 | v1.5.16, v1.5.17, +89 more | 2017-04-25
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
nvd
CVE-2024-21730 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 4.0.0, < 4.4.6; ≥ 5.0.0, < 5.1.2 | 2024-07-09
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.
nvd
CVE-2017-11612 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v1.5.0, v1.5.1, +112 more | 2017-07-26
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
nvd
CVE-2017-7986 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v1.5.0, v1.5.1, +105 more | 2017-04-25
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
nvd
CVE-2019-9714 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, < 3.9.4 | 2019-03-12
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.
nvd
CVE-2019-9711 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, < 3.9.4 | 2019-03-12
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.
nvd
CVE-2024-26279 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, < 3.10.16; ≥ 4.0.0, < 4.4.6; +1 more | 2024-07-09
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
nvd
CVE-2024-27186 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.0.0, < 4.4.7; ≥ 5.0.0, < 5.1.3 | 2024-08-20
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
nvd
CVE-2011-3595 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 1.7.0 | 2020-01-22
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
nvd
CVE-2012-0837 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | v1.7.0, v1.7.1, +4 more | 2012-09-06
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
nvd
CVE-2013-3056 | P4 | MEDIUM | CVSS 4.0 | CWE-264 | v2.5.0, v2.5.1, +12 more | 2013-05-03
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
nvd
CVE-2013-3057 | P4 | MEDIUM | CVSS 4.0 | CWE-264 | v2.5.0, v2.5.1, +12 more | 2013-05-03
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
nvd
CVE-2012-2748 | P4 | MEDIUM | CVSS 5.0 | v2.5.0, v2.5.1, +3 more | 2012-07-03
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."
nvd
CVE-2018-11328 | P4 | MEDIUM | CVSS 4.7 | CWE-79 | fixed in 3.8.8 | 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
nvd
CVE-2017-8057 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | v3.4.0, v3.4.1, +15 more | 2017-04-25
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
nvd