Joomla! vulnerabilities
296 known vulnerabilities affecting joomla/joomla_!.
Total CVEs: 296
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38, HIGH 74, MEDIUM 182, LOW 2
Vulnerabilities
Page 15 of 15
CVE-2007-4189 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | fixed in 1.0.13 | 2007-08-08
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.
nvd
CVE-2012-4532 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v2.5.0, v2.5.1 +5 more | 2012-10-31
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.
nvd
CVE-2012-2413 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 1.5.26, v1.5.0 +25 more | 2014-10-20
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.
nvd
CVE-2011-4332 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 1.6.3, v1.6 +5 more | 2011-11-23
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-7983 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v3.1.2, v3.1.3 +6 more | 2014-10-08
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-6631 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v3.2.0, v3.2.1 +7 more | 2014-10-08
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2011-2889 | P4 | MEDIUM | CVSS 5.0 | ≤ 1.5.22, v1.5.0 +21 more | 2011-07-27
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.
nvd
CVE-2011-2710 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.6.6, v1.5.0 +29 more | 2011-07-27
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a
nvd
CVE-2011-2509 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 1.6.3, v1.5.0 +26 more | 2011-07-27
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.p
nvd
CVE-2024-21723 | P4 | MEDIUM | CVSS 4.3 | CWE-601 | ≥ 1.5.0, < 3.10.15; ≥ 4.0.0, < 4.4.3 +1 more | 2024-02-29
Inadequate parsing of URLs could result into an open redirect.
nvd
CVE-2007-4190 | P4 | MEDIUM | CVSS 4.3 | CWE-74 | fixed in 1.0.13 | 2007-08-08
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party informati
nvd
CVE-2010-1649 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v1.5.0, v1.5.1 +16 more | 2010-06-08
Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.
nvd
CVE-2011-2891 | P4 | MEDIUM | CVSS 5.0 | v1.6, v1.6.0 +1 more | 2011-07-27
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
nvd
CVE-2011-2892 | P4 | MEDIUM | CVSS 4.3 | CWE-20 | v1.6, v1.6.0 +1 more | 2011-07-27
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
nvd
CVE-2011-3747 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | v1.6.0 | 2011-09-23
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
nvd
CVE-2010-2535 | P4 | LOW | CVSS 3.5 | CWE-79 | v1.5.0, v1.5.1 +18 more | 2010-10-05
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.
nvd