Joomla: >> Joomla! >> 3.9.13 Security Vulnerabilities
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
CVSS Score
8.8
EPSS Score
0.018
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-01-28
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-01-28
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-01-28
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-12-18
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
CVSS Score
9.8
EPSS Score
0.001
Published
2019-12-18