Joomla: >> Joomla! Security Vulnerabilities
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
CVSS Score
5.4
EPSS Score
0.0
Published
2020-01-22
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
CVSS Score
5.3
EPSS Score
0.0
Published
2020-01-15
Joomla! core before 2.5.3 allows unauthorized password change.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-15
Joomla! before 2.5.3 allows Admin Account Creation.
CVSS Score
7.5
EPSS Score
0.05
Published
2020-01-15
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-12-18
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
CVSS Score
9.8
EPSS Score
0.014
Published
2019-12-18
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-11-06
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-11-06
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
CVSS Score
6.1
EPSS Score
0.039
Published
2019-09-24
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-08-14