Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 3.9.26  Security Vulnerabilities
CVE-2022-23798
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-03-30
CVE-2021-26035
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.01
Published
2021-07-07
CVE-2021-26036
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-07-07
CVE-2021-26037
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-07-07
CVE-2021-26038
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-07-07
CVE-2021-26039
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.01
Published
2021-07-07
CVE-2021-26032
An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
CVSS Score
6.1
EPSS Score
0.007
Published
2021-05-26
CVE-2021-26033
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.
CVSS Score
6.5
EPSS Score
0.0
Published
2021-05-26
CVE-2021-26034
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
CVSS Score
6.5
EPSS Score
0.0
Published
2021-05-26
CVE-2015-4654
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved