Joomla: >> Joomla! >> 3.9.12 Security Vulnerabilities
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-01-28
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
CVSS Score
6.1
EPSS Score
0.025
Published
2020-01-28
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-01-28
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-12-18
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
CVSS Score
9.8
EPSS Score
0.014
Published
2019-12-18
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-11-06
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-11-06
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18