Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 1.5.17  Security Vulnerabilities
CVE-2018-11328
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
CVSS Score
4.7
EPSS Score
0.001
Published
2018-05-22
CVE-2018-6378
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
CVSS Score
6.1
EPSS Score
0.019
Published
2018-05-22
CVE-2018-6376
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
CVSS Score
9.8
EPSS Score
0.077
Published
2018-01-30
CVE-2018-6377
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox
CVSS Score
6.1
EPSS Score
0.466
Published
2018-01-30
CVE-2018-6379
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.031
Published
2018-01-30
CVE-2018-6380
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
CVSS Score
6.1
EPSS Score
0.031
Published
2018-01-30
CVE-2017-14596
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVSS Score
9.8
EPSS Score
0.04
Published
2017-09-20
CVE-2017-11364
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-08-02
CVE-2017-11612
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-26
CVE-2017-7983
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVSS Score
5.3
EPSS Score
0.0
Published
2017-04-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved