Filtered by vendor Joomla
Subscriptions
Total
946 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4476 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. | ||||
| CVE-2006-2960 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | ||||
| CVE-2023-23750 | 1 Joomla | 1 Joomla\! | 2025-03-29 | 6.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | ||||
| CVE-2024-21724 | 1 Joomla | 1 Joomla\! | 2025-03-29 | 6.1 Medium |
| Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions. | ||||
| CVE-2023-23751 | 1 Joomla | 1 Joomla\! | 2025-03-29 | 4.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | ||||
| CVE-2024-26279 | 1 Joomla | 1 Joomla\! | 2025-03-26 | 6.1 Medium |
| The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | ||||
| CVE-2024-21729 | 1 Joomla | 1 Joomla\! | 2025-03-26 | 6.1 Medium |
| Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | ||||
| CVE-2024-21730 | 1 Joomla | 1 Joomla\! | 2025-03-20 | 5.4 Medium |
| The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. | ||||
| CVE-2024-26278 | 1 Joomla | 1 Joomla\! | 2025-03-14 | 4.6 Medium |
| The Custom Fields component not correctly filter inputs, leading to a XSS vector. | ||||
| CVE-2024-21731 | 1 Joomla | 1 Joomla\! | 2025-03-14 | 6.1 Medium |
| Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. | ||||
| CVE-2023-23754 | 1 Joomla | 1 Joomla\! | 2025-01-10 | 6.1 Medium |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. | ||||
| CVE-2023-23755 | 1 Joomla | 1 Joomla\! | 2025-01-10 | 7.5 High |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. | ||||
| CVE-2023-40626 | 1 Joomla | 1 Joomla\! | 2024-12-04 | 7.5 High |
| The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. | ||||
| CVE-2022-27914 | 1 Joomla | 1 Joomla\! | 2024-11-26 | 6.1 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | ||||
| CVE-2022-27913 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. | ||||
| CVE-2022-27912 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. | ||||
| CVE-2022-27911 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes. | ||||
| CVE-2022-23801 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. | ||||
| CVE-2022-23800 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. | ||||
| CVE-2022-23799 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. | ||||