Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 3.0.2  Security Vulnerabilities
CVE-2017-14596
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVSS Score
9.8
EPSS Score
0.024
Published
2017-09-20
CVE-2017-11364
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-08-02
CVE-2017-11612
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.001
Published
2017-07-26
CVE-2017-9933
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
CVSS Score
7.5
EPSS Score
0.0
Published
2017-07-17
CVE-2017-9934
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-07-17
CVE-2017-7983
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVSS Score
5.3
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7985
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.001
Published
2017-04-25
CVE-2017-7986
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7988
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
CVSS Score
5.3
EPSS Score
0.0
Published
2017-04-25
CVE-2016-10033
Known exploited
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS Score
9.8
EPSS Score
0.945
Published
2016-12-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved