Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Total 914 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11358 11 Backdropcms, Debian, Drupal and 8 more 105 Backdrop, Debian Linux, Drupal and 102 more 2023-08-31 4.3 MEDIUM 6.1 MEDIUM
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2021-23126 1 Joomla 1 Joomla\! 2023-08-08 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
CVE-2022-27912 1 Joomla 1 Joomla\! 2023-08-08 N/A 5.3 MEDIUM
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
CVE-2023-23755 1 Joomla 1 Joomla\! 2023-06-06 N/A 7.5 HIGH
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
CVE-2023-23754 1 Joomla 1 Joomla\! 2023-06-06 N/A 6.1 MEDIUM
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.
CVE-2023-23752 1 Joomla 1 Joomla\! 2023-02-24 N/A 5.3 MEDIUM
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVE-2023-23751 1 Joomla 1 Joomla\! 2023-02-09 N/A 4.3 MEDIUM
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
CVE-2023-23750 1 Joomla 1 Joomla\! 2023-02-08 N/A 6.3 MEDIUM
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2019-12764 1 Joomla 1 Joomla\! 2023-01-30 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
CVE-2019-12766 1 Joomla 1 Joomla\! 2023-01-30 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
CVE-2019-12765 1 Joomla 1 Joomla\! 2023-01-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
CVE-2022-27914 1 Joomla 1 Joomla\! 2022-11-09 N/A 6.1 MEDIUM
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
CVE-2022-27913 1 Joomla 1 Joomla\! 2022-10-27 N/A 6.1 MEDIUM
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
CVE-2022-27911 1 Joomla 1 Joomla\! 2022-09-05 N/A 5.3 MEDIUM
An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.
CVE-2021-26029 1 Joomla 1 Joomla\! 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.
CVE-2021-26027 1 Joomla 1 Joomla\! 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
CVE-2022-23794 1 Joomla 1 Joomla\! 2022-04-05 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
CVE-2022-23793 1 Joomla 1 Joomla\! 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
CVE-2022-23795 1 Joomla 1 Joomla\! 2022-04-05 6.8 MEDIUM 9.8 CRITICAL
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
CVE-2022-23799 1 Joomla 1 Joomla\! 2022-04-05 6.8 MEDIUM 9.8 CRITICAL
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.