Joomla! vulnerabilities
296 known vulnerabilities affecting joomla/joomla_!.
Total CVEs: 296
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38, HIGH 74, MEDIUM 182, LOW 2
Vulnerabilities
Page 13 of 15
CVE-2012-0835 | P4 | MEDIUM | CVSS 5.0 | v1.7.0, v1.7.1, +4 more | 2012-09-06
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."
nvd
CVE-2013-1455 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | v3.0.0, v3.0.1 | 2013-02-13
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
nvd
CVE-2013-1454 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | v3.0.0, v3.0.1, +1 more | 2013-02-13
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
nvd
CVE-2009-3946 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 1.5.14, v1.5.0, +13 more | 2009-11-16
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.
nvd
CVE-2018-11326 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 3.8.8 | 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack.
nvd
CVE-2017-16633 | P4 | MEDIUM | CVSS 4.3 | CWE-200 | ≥ 3.7.0, ≤ 3.8.1 | 2017-11-10
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
nvd
CVE-2018-17859 | P4 | MEDIUM | CVSS 4.3 | ≥ 2.5.0, < 3.8.13 | 2018-10-09
An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms.
nvd
CVE-2012-5827 | P4 | MEDIUM | CVSS 4.3 | v2.5.0, v2.5.1, +6 more | 2012-11-11
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
nvd
CVE-2018-17857 | P4 | MEDIUM | CVSS 4.3 | CWE-863 | ≥ 3.1.0, < 3.8.13 | 2018-10-09
An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.
nvd
CVE-2023-23751 | P4 | MEDIUM | CVSS 4.3 | CWE-863 | ≥ 4.0.0, ≤ 4.2.4 | 2023-02-01
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
nvd
CVE-2026-48900 | P4 | MEDIUM | CVSS 4.3 | CWE-284 | ≥ 4.1.0, < 5.4.6; ≥ 6.0.0, < 6.1.1 | 2026-05-26
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
nvd
CVE-2015-5608 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | v3.0.0, v3.0.1, +26 more | 2017-09-20
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
nvd
CVE-2011-2488 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 1.5.22, v1.5.0, +21 more | 2011-07-27
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2014-7229 | P4 | MEDIUM | CVSS 5.0 | v2.5.4, v2.5.5, +29 more | 2014-10-08
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
nvd
CVE-2012-0836 | P4 | MEDIUM | CVSS 5.0 | v1.7.0, v1.7.1, +3 more | 2012-09-06
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.
nvd
CVE-2012-3829 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | v2.5.3 | 2012-07-03
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
nvd
CVE-2015-6939 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v3.4.0, v3.4.1, +2 more | 2015-09-18
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-4531 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v2.5.0, v2.5.1, +5 more | 2012-10-31
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-3828 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v2.5.3 | 2012-07-03
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
nvd
CVE-2012-0820 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v1.6, v1.6.0, +9 more | 2012-09-06
Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.
nvd