Joomla: Security Vulnerabilities
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-01-28
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-01-28
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
CVSS Score
5.4
EPSS Score
0.0
Published
2020-01-22
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
CVSS Score
5.3
EPSS Score
0.0
Published
2020-01-15
Joomla! core before 2.5.3 allows unauthorized password change.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-15
Joomla! before 2.5.3 allows Admin Account Creation.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-01-15
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-12-18
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
CVSS Score
9.8
EPSS Score
0.001
Published
2019-12-18
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-11-06
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-11-06