Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 4.0.0  Security Vulnerabilities
CVE-2022-23795
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-03-30
CVE-2022-23797
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-03-30
CVE-2022-23798
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-03-30
CVE-2022-23799
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-03-30
CVE-2022-23800
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.012
Published
2022-03-30
CVE-2022-23801
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media.
CVSS Score
6.1
EPSS Score
0.014
Published
2022-03-30
CVE-2021-26040
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.
CVSS Score
9.1
EPSS Score
0.0
Published
2021-08-24
CVE-2015-4654
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18
CVE-2013-5955
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19
CVE-2013-5953
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved