Joomla: >> Joomla! Security Vulnerabilities
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-12-28
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-12-28
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-12-28
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
CVSS Score
9.8
EPSS Score
0.01
Published
2020-12-28
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-12-28
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-12-28
An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-08-26
An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-08-26
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-07-15
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.
CVSS Score
6.1
EPSS Score
0.028
Published
2020-07-15