Joomla: >> Joomla! >> 3.9.19 Security Vulnerabilities
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-12-28
An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-08-26
An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-08-26
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-07-15
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.
CVSS Score
6.1
EPSS Score
0.028
Published
2020-07-15
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-07-15
An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials
CVSS Score
5.3
EPSS Score
0.0
Published
2020-07-15
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-07-15
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-07-15
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18