Joomla: >> Joomla! >> 3.0.2 Security Vulnerabilities
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
CVSS Score
6.1
EPSS Score
0.017
Published
2018-05-22
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
CVSS Score
9.8
EPSS Score
0.024
Published
2018-01-30
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox
CVSS Score
6.1
EPSS Score
0.065
Published
2018-01-30
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-01-30
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-01-30
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
CVSS Score
6.1
EPSS Score
0.001
Published
2017-09-20
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVSS Score
9.8
EPSS Score
0.026
Published
2017-09-20
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-08-02
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.001
Published
2017-07-26
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
CVSS Score
7.5
EPSS Score
0.0
Published
2017-07-17