cvebase

Joomla! vulnerabilities

296 known vulnerabilities affecting joomla/joomla_!.

Total CVEs: 296
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38, HIGH 74, MEDIUM 182, LOW 2

Vulnerabilities

Page 7 of 15
CVE-2024-21722 | P4 | MEDIUM | CVSS 6.3 | Affected: ≥ 3.2.0, < 3.10.15; ≥ 4.0.0, < 4.4.3 (+1 more) | 2024-02-29
CWE-613: The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
Source: nvd

CVE-2018-11321 | P4 | MEDIUM | CVSS 6.5 | Fixed in 3.8.8 | 2018-05-22
CWE-20: An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
Source: nvd

CVE-2006-4470 | P4 | HIGH | CVSS 7.5 | Fixed in 1.0.11 | 2006-08-31
Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.
Source: nvd

CVE-2019-12764 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 3.8.13, < 3.9.7 | 2019-06-11
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
Source: nvd

CVE-2017-7989 | P4 | MEDIUM | CVSS 6.5 | Affected: v3.2.0, v3.2.1 (+26 more) | 2017-04-25
CWE-434: In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
Source: nvd

CVE-2012-1598 | P4 | HIGH | CVSS 7.5 | Affected: v1.5.0, v1.5.1 (+24 more) | 2012-12-03
CWE-264: Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
Source: nvd

CVE-2020-15696 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 3.0.0, ≤ 3.9.19 | 2020-07-15
CWE-79: An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.
Source: nvd

CVE-2015-5397 | P4 | MEDIUM | CVSS 6.8 | Affected: v3.2.0, v3.2.1 (+13 more) | 2015-07-14
CWE-352: Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
Source: nvd

CVE-2021-26033 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 3.0.0, ≤ 3.9.26 | 2021-05-26
CWE-352: An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.
Source: nvd

CVE-2020-15695 | P4 | MEDIUM | CVSS 6.3 | Affected: ≥ 3.9.0, ≤ 3.9.19 | 2020-07-15
CWE-352: An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
Source: nvd

CVE-2020-15700 | P4 | MEDIUM | CVSS 6.3 | Affected: ≥ 3.7.0, ≤ 3.9.19 | 2020-07-15
CWE-352: An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
Source: nvd

CVE-2018-11324 | P4 | MEDIUM | CVSS 5.9 | Fixed in 3.8.8 | 2018-05-22
CWE-362: An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
Source: nvd

CVE-2006-4468 | P4 | MEDIUM | CVSS 6.8 | Fixed in 1.0.11 | 2006-08-31
CWE-20: Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll
Source: nvd

CVE-2015-8563 | P4 | MEDIUM | CVSS 6.8 | Affected: v3.2.0, v3.2.1 (+14 more) | 2015-12-16
CWE-352: Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Source: nvd

CVE-2017-9934 | P4 | MEDIUM | CVSS 6.1 | Affected: v1.7.3, v1.7.4 (+73 more) | 2017-07-17
CWE-79: Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
Source: nvd

CVE-2021-26034 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 3.0.0, ≤ 3.9.26 | 2021-05-26
CWE-352: An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
Source: nvd

CVE-2020-35615 | P4 | MEDIUM | CVSS 6.3 | Affected: ≥ 2.5.0, ≤ 3.9.22 | 2020-12-28
CWE-352: An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
Source: nvd

CVE-2020-11890 | P4 | MEDIUM | CVSS 5.3 | Affected: ≥ 2.5.0, < 3.9.17 | 2020-04-21
CWE-20: An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
Source: nvd

CVE-2023-23750 | P4 | MEDIUM | CVSS 6.3 | Affected: ≥ 4.0.0, ≤ 4.2.6 | 2023-02-01
CWE-352: An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
Source: nvd

CVE-2026-48905 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 3.0.0, < 5.4.6; ≥ 6.0.0, < 6.1.0 | 2026-05-26
CWE-79: Lack of input filtering leads to an XSS vector in the HTML filter code.
Source: nvd