Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 3.9.23  Security Vulnerabilities
CVE-2021-23132
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads
CVSS Score
7.5
EPSS Score
0.653
Published
2021-03-04
CVE-2021-26027
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-03-04
CVE-2021-26028
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-03-04
CVE-2021-26029
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-03-04
CVE-2021-23123
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-01-12
CVE-2021-23124
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
CVSS Score
6.1
EPSS Score
0.364
Published
2021-01-12
CVE-2021-23125
An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views cause lead to XSS attack vectors.
CVSS Score
6.1
EPSS Score
0.08
Published
2021-01-12
CVE-2015-4654
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18
CVE-2013-5955
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-03-19
CVE-2013-5953
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-03-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved