cvebase

Joomla! vulnerabilities

296 known vulnerabilities affecting joomla/joomla_!.

Total CVEs: 296
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38 | HIGH 74 | MEDIUM 182 | LOW 2

Vulnerabilities

CVE-2012-0822 | P4 | MEDIUM | CVSS 4.3 | v1.6, v1.6.0 +9 more | 2012-09-06
CVE-2012-0822 [MEDIUM]: Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820.
nvd
CVE-2018-11327 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.8.8 | 2018-05-22
CVE-2018-11327 [MEDIUM] CWE-200: An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.
nvd
CVE-2020-15697 | P4 | MEDIUM | CVSS 4.3 | ≥ 3.0.0, ≤ 3.9.19 | 2020-07-15
CVE-2020-15697 [MEDIUM] CWE-732: An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
nvd
CVE-2026-35220 | P4 | MEDIUM | CVSS 4.3 | ≥ 6.0.0, < 6.1.1 | 2026-05-26
CVE-2026-35220 [MEDIUM] CWE-352: Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users.
nvd
CVE-2012-5455 | P4 | MEDIUM | CVSS 4.3 | v3.0.0 | 2012-10-22
CVE-2012-5455 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
nvd
CVE-2013-3059 | P4 | MEDIUM | CVSS 4.3 | v2.5.0, v2.5.1 +12 more | 2013-05-03
CVE-2013-3059 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-3267 | P4 | MEDIUM | CVSS 4.3 | v2.5.0, v2.5.1 +12 more | 2013-05-03
CVE-2013-3267 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-1117 | P4 | MEDIUM | CVSS 4.3 | v2.5.0, v2.5.1 | 2012-09-26
CVE-2012-1117 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-1612 | P4 | MEDIUM | CVSS 4.3 | v2.5.0, v2.5.1 +2 more | 2012-09-06
CVE-2012-1612 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-1611 | P4 | MEDIUM | CVSS 5.0 | v2.5.0, v2.5.1 +2 more | 2012-09-06
CVE-2012-1611 [MEDIUM]: Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
nvd
CVE-2012-1599 | P4 | MEDIUM | CVSS 5.0 | v1.5.0, v1.5.1 +24 more | 2012-12-03
CVE-2012-1599 [MEDIUM] CWE-264: Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
nvd
CVE-2007-5577 | P4 | MEDIUM | CVSS 4.3 | fixed in 1.0.13 | 2007-10-18
CVE-2007-5577 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.
nvd
CVE-2010-3712 | P4 | MEDIUM | CVSS 4.3 | v1.5.0, v1.5.1 +19 more | 2010-10-28
CVE-2010-3712 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.
nvd
CVE-2013-5583 | P4 | MEDIUM | CVSS 4.3 | v3.1.5 | 2013-12-29
CVE-2013-5583 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
nvd
CVE-2014-7982 | P4 | MEDIUM | CVSS 4.3 | v2.5.0, v2.5.1 +32 more | 2014-10-08
CVE-2014-7982 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-3058 | P4 | MEDIUM | CVSS 4.3 | v2.5.0, v2.5.1 +12 more | 2013-05-03
CVE-2013-3058 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2011-4910 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.5.11, v1.5.0 +10 more | 2012-10-07
CVE-2011-4910 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
nvd
CVE-2017-14595 | P4 | LOW | CVSS 3.7 | v3.7.0, v3.7.1 +4 more | 2017-09-20
CVE-2017-14595 [LOW]: In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
nvd
CVE-2005-4650 | P4 | MEDIUM | CVSS 5.3 | v1.0.3 | 2005-12-31
CVE-2005-4650 [MEDIUM] CWE-770: Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.
nvd
CVE-2011-2890 | P4 | MEDIUM | CVSS 5.0 | ≤ 1.5.23, v1.5.0 +22 more | 2011-07-27
CVE-2011-2890 [MEDIUM]: The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
nvd