Joomla! vulnerabilities
296 known vulnerabilities affecting joomla/joomla_!.
Total CVEs: 296
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38, HIGH 74, MEDIUM 182, LOW 2
Vulnerabilities
CVE-2021-26039 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, ≤ 3.9.27 | 2021-07-07
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.
nvd
CVE-2019-7741 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 2.5.0, ≤ 3.9.2 | 2019-02-12
An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.
nvd
CVE-2019-11809 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.7.0, < 3.9.6 | 2019-05-20
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
nvd
CVE-2019-7742 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.0.0, ≤ 3.9.2 | 2019-02-12
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.
nvd
CVE-2019-6264 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 2.5.0, < 3.9.2 | 2019-01-16
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
nvd
CVE-2019-6261 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 2.5.0, < 3.9.2 | 2019-01-16
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.
nvd
CVE-2022-23798 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | ≥ 2.5.0, ≤ 3.10.6; ≥ 4.0.0, ≤ 4.1.0 | 2022-03-30
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
nvd
CVE-2022-23796 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.7.0, ≤ 3.10.6 | 2022-03-30
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
nvd
CVE-2024-21724 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 1.6.0, < 3.10.15; ≥ 4.0.0, < 4.4.3; +1 more | 2024-02-29
Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.
nvd
CVE-2024-21729 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.0.0, < 4.4.6; ≥ 5.0.0, < 5.1.2 | 2024-07-09
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
nvd
CVE-2024-21731 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, ≤ 3.10.15; ≥ 4.0.0, ≤ 4.4.5; +1 more | 2024-07-09
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
nvd
CVE-2026-25900 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, < 5.4.6; ≥ 6.0.0, < 6.1.1 | 2026-05-26
Lack of output escaping leads to a XSS vector in the feed modules.
nvd
CVE-2026-30895 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, < 5.4.6; ≥ 6.0.0, < 6.1.1 | 2026-05-26
Lack of output escaping leads to a XSS vector in the readmore links for com_content.
nvd
CVE-2026-48903 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 3.0.0, < 5.4.6; ≥ 6.0.0, < 6.1.1 | 2026-05-26
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
nvd
CVE-2018-15880 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.8.12 | 2018-08-29
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.
nvd
CVE-2021-23126 | P4 | MEDIUM | CVSS 5.3 | CWE-338 | ≥ 3.2.0, < 3.9.25 | 2021-03-04
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
nvd
CVE-2020-10240 | P4 | MEDIUM | CVSS 5.3 | CWE-20 | ≥ 3.0.0, < 3.9.16 | 2020-03-16
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
nvd
CVE-2021-26031 | P4 | MEDIUM | CVSS 5.3 | ≥ 3.0.0, ≤ 3.9.25 | 2021-04-14
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
nvd
CVE-2020-35614 | P4 | MEDIUM | CVSS 5.3 | ≥ 3.9.0, ≤ 3.9.22 | 2020-12-28
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
nvd
CVE-2021-26037 | P4 | MEDIUM | CVSS 5.3 | CWE-613 | ≥ 2.5.0, ≤ 3.9.27 | 2021-07-07
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
nvd