Vulnerabilities (CVE)

392 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-17859 1 Joomla 1 Joomla! 2019-10-03 4.0
An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms.
CVE-2018-17855 1 Joomla 1 Joomla! 2019-10-03 6.5
An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of a user who can approve admin verifications in the registration process, he can activate himself.
CVE-2017-7988 1 Joomla 1 Joomla! 2019-10-03 5.0
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
CVE-2018-11325 1 Joomla 1 Joomla! 2019-10-03 5.0
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the...
CVE-2018-11323 1 Joomla 1 Joomla! 2019-10-03 6.5
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
CVE-2018-17857 1 Joomla 1 Joomla! 2019-10-03 4.0
An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.
CVE-2018-15881 1 Joomla 1 Joomla! 2019-10-03 5.0
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.
CVE-2017-14595 1 Joomla 1 Joomla! 2019-10-03 4.3
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
CVE-2019-16725 1 Joomla 1 Joomla! 2019-09-25 4.3
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
CVE-2019-15028 1 Joomla 1 Joomla! 2019-08-27 5.0
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
CVE-2019-14654 1 Joomla 1 Joomla! 2019-08-09 6.5
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code...
CVE-2019-12765 1 Joomla 1 Joomla! 2019-06-12 7.5
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
CVE-2019-12766 1 Joomla 1 Joomla! 2019-06-12 4.3
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
CVE-2019-12764 1 Joomla 1 Joomla! 2019-06-12 4.0
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
CVE-2019-11809 1 Joomla 1 Joomla! 2019-05-20 4.3
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
CVE-2019-10945 1 Joomla 1 Joomla! 2019-04-17 7.5
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
CVE-2017-8917 1 Joomla 1 Joomla! 2019-04-16 7.5
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2019-10946 1 Joomla 1 Joomla! 2019-04-11 5.0
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
CVE-2017-7985 1 Joomla 1 Joomla! 2019-03-19 4.3
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
CVE-2019-9711 1 Joomla 1 Joomla! 2019-03-15 4.3
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.