cvebase

Joomla! vulnerabilities

296 known vulnerabilities affecting joomla/joomla_!.

Total CVEs: 296
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38, HIGH 74, MEDIUM 182, LOW 2

Vulnerabilities

Page 9 of 15
CVE-2021-26039 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.0.0, ≤ 3.9.27 | 2021-07-07
[MEDIUM] CWE-79: An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability.
Source: NVD
CVE-2019-7741 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.5.0, ≤ 3.9.2 | 2019-02-12
[MEDIUM] CWE-79: An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.
Source: NVD
CVE-2019-11809 | P4 | MEDIUM | CVSS 6.1 | ≥ 1.7.0, < 3.9.6 | 2019-05-20
[MEDIUM] CWE-79: An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
Source: NVD
CVE-2019-7742 | P4 | MEDIUM | CVSS 6.1 | ≥ 1.0.0, ≤ 3.9.2 | 2019-02-12
[MEDIUM] CWE-79: An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.
Source: NVD
CVE-2019-6264 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.5.0, < 3.9.2 | 2019-01-16
[MEDIUM] CWE-79: An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
Source: NVD
CVE-2019-6261 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.5.0, < 3.9.2 | 2019-01-16
[MEDIUM] CWE-79: An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.
Source: NVD
CVE-2022-23798 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.5.0, ≤ 3.10.6; ≥ 4.0.0, ≤ 4.1.0 | 2022-03-30
[MEDIUM] CWE-601: An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
Source: NVD
CVE-2022-23796 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.7.0, ≤ 3.10.6 | 2022-03-30
[MEDIUM] CWE-79: An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
Source: NVD
CVE-2024-21724 | P4 | MEDIUM | CVSS 6.1 | ≥ 1.6.0, < 3.10.15; ≥ 4.0.0, < 4.4.3; +1 more | 2024-02-29
[MEDIUM] CWE-79: Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.
Source: NVD
CVE-2024-21729 | P4 | MEDIUM | CVSS 6.1 | ≥ 4.0.0, < 4.4.6; ≥ 5.0.0, < 5.1.2 | 2024-07-09
[MEDIUM] CWE-79: Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
Source: NVD
CVE-2024-21731 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.0.0, ≤ 3.10.15; ≥ 4.0.0, ≤ 4.4.5; +1 more | 2024-07-09
[MEDIUM] CWE-79: Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
Source: NVD
CVE-2026-25900 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.0.0, < 5.4.6; ≥ 6.0.0, < 6.1.1 | 2026-05-26
[MEDIUM] CWE-79: Lack of output escaping leads to an XSS vector in the feed modules.
Source: NVD
CVE-2026-30895 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.0.0, < 5.4.6; ≥ 6.0.0, < 6.1.1 | 2026-05-26
[MEDIUM] CWE-79: Lack of output escaping leads to an XSS vector in the readmore links for com_content.
Source: NVD
CVE-2026-48903 | P4 | MEDIUM | CVSS 6.1 | ≥ 3.0.0, < 5.4.6; ≥ 6.0.0, < 6.1.1 | 2026-05-26
[MEDIUM] CWE-79: Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
Source: NVD
CVE-2018-15880 | P4 | MEDIUM | CVSS 5.4 | fixed in 3.8.12 | 2018-08-29
[MEDIUM] CWE-79: An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Source: NVD
CVE-2021-23126 | P4 | MEDIUM | CVSS 5.3 | ≥ 3.2.0, < 3.9.25 | 2021-03-04
[MEDIUM] CWE-338: An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
Source: NVD
CVE-2020-10240 | P4 | MEDIUM | CVSS 5.3 | ≥ 3.0.0, < 3.9.16 | 2020-03-16
[MEDIUM] CWE-20: An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
Source: NVD
CVE-2021-26031 | P4 | MEDIUM | CVSS 5.3 | ≥ 3.0.0, ≤ 3.9.25 | 2021-04-14
[MEDIUM] An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
Source: NVD
CVE-2020-35614 | P4 | MEDIUM | CVSS 5.3 | ≥ 3.9.0, ≤ 3.9.22 | 2020-12-28
[MEDIUM] An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
Source: NVD
CVE-2021-26037 | P4 | MEDIUM | CVSS 5.3 | ≥ 2.5.0, ≤ 3.9.27 | 2021-07-07
[MEDIUM] CWE-613: An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
Source: NVD