Joomla! vulnerabilities
276 known vulnerabilities affecting joomla/joomla_!.
Total CVEs: 276
CISA KEV: 2 (actively exploited)
Public exploits: 22
Exploited in wild: 6
Severity breakdown: CRITICAL 30, HIGH 68, MEDIUM 176, LOW 2
Vulnerabilities
Page 5 of 14
CVE-2020-35614 | MEDIUM | CVSS 5.3 | ≥ 3.9.0, ≤ 3.9.22 | 2020-12-28
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
nvd
CVE-2020-35615 | MEDIUM | CVSS 6.3 | CWE-352 | ≥ 2.5.0, ≤ 3.9.22 | 2020-12-28
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
nvd
CVE-2020-24599 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.9.0, < 3.9.21 | 2020-08-26
An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.
nvd
CVE-2020-24598 | MEDIUM | CVSS 6.1 | CWE-601 | ≥ 3.0.0, < 3.9.21 | 2020-08-26
An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.
nvd
CVE-2020-15699 | MEDIUM | CVSS 5.3 | CWE-345 | ≥ 2.5.0, ≤ 3.9.19 | 2020-07-15
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
nvd
CVE-2020-15698 | MEDIUM | CVSS 5.3 | ≥ 3.0.0, ≤ 3.9.19 | 2020-07-15
An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials.
nvd
CVE-2020-15696 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, ≤ 3.9.19 | 2020-07-15
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.
nvd
CVE-2020-15695 | MEDIUM | CVSS 6.3 | CWE-352 | ≥ 3.9.0, ≤ 3.9.19 | 2020-07-15
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
nvd
CVE-2020-15697 | MEDIUM | CVSS 4.3 | CWE-732 | ≥ 3.0.0, ≤ 3.9.19 | 2020-07-15
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
nvd
CVE-2020-15700 | MEDIUM | CVSS 6.3 | CWE-352 | ≥ 3.7.0, ≤ 3.9.19 | 2020-07-15
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
nvd
CVE-2020-13760 | HIGH | CVSS 8.8 | CWE-352 | ≥ 3.7.1, < 3.9.19 | v3.7.0 | 2020-06-02
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
nvd
CVE-2020-13763 | HIGH | CVSS 7.5 | CWE-281 | ≥ 2.5.1, < 3.9.19 | v2.5.0 | 2020-06-02
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
nvd
CVE-2020-13761 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.1, < 3.9.19 | v3.0.0 | 2020-06-02
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.
nvd
CVE-2020-13762 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.9.0, < 3.9.19 | 2020-06-02
In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.
nvd
CVE-2020-11889 | MEDIUM | CVSS 5.3 | ≥ 2.5.0, < 3.9.17 | 2020-04-21
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.
nvd
CVE-2020-11890 | MEDIUM | CVSS 5.3 | CWE-20 | ≥ 2.5.0, < 3.9.17 | 2020-04-21
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
nvd
CVE-2020-11891 | MEDIUM | CVSS 5.3 | ≥ 3.8.8, < 3.9.17 | 2020-04-21
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.
nvd
CVE-2020-10243 | CRITICAL | CVSS 9.8 | CWE-89 | ≥ 1.7.0, < 3.9.16 | 2020-03-16
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
nvd
CVE-2020-10238 | HIGH | CVSS 7.5 | CWE-668 | ≥ 2.5.0, < 3.9.16 | 2020-03-16
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
nvd
CVE-2020-10239 | HIGH | CVSS 8.8 | CWE-863 | ≥ 3.7.0, < 3.9.16 | 2020-03-16
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
nvd