Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 3.8.3  Security Vulnerabilities
CVE-2018-6378
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
CVSS Score
6.1
EPSS Score
0.017
Published
2018-05-22
CVE-2018-8045
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
CVSS Score
8.8
EPSS Score
0.211
Published
2018-03-15
CVE-2018-6376
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
CVSS Score
9.8
EPSS Score
0.024
Published
2018-01-30
CVE-2018-6377
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox
CVSS Score
6.1
EPSS Score
0.065
Published
2018-01-30
CVE-2018-6379
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-01-30
CVE-2018-6380
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-01-30
CVE-2015-4654
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18
CVE-2013-5955
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19
CVE-2013-5953
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19
CVE-2013-5952
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved