Joomla: >> Joomla! >> 3.9.16 Security Vulnerabilities
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-07-15
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-07-15
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-06-02
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-02
In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-02
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-06-02
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-04-21
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-04-21
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-04-21
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18