Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 3.4.2  Security Vulnerabilities
CVE-2017-9934
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-07-17
CVE-2017-7983
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVSS Score
5.3
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7984
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
CVSS Score
6.1
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7985
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.001
Published
2017-04-25
CVE-2017-7986
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7987
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
CVSS Score
6.1
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7988
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
CVSS Score
5.3
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7989
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
CVSS Score
6.5
EPSS Score
0.0
Published
2017-04-25
CVE-2017-8057
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
CVSS Score
5.3
EPSS Score
0.0
Published
2017-04-25
CVE-2016-10033
Known exploited
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS Score
9.8
EPSS Score
0.944
Published
2016-12-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved