Joomla: >> Joomla! >> 3.9.5 Security Vulnerabilities
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-08-14
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
CVSS Score
6.5
EPSS Score
0.0
Published
2019-06-11
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
CVSS Score
9.8
EPSS Score
0.309
Published
2019-06-11
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-06-11
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-05-20
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
CVSS Score
9.8
EPSS Score
0.095
Published
2019-05-09
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19