Joomla: >> Joomla! >> 4.2.6 Security Vulnerabilities
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-04-08
Various module chromes didn't properly process inputs, leading to XSS vectors.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-01-07
Lack of output escaping in the id attribute of menu lists.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-01-07
Improper Access Controls allows access to protected views.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-01-07
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-08-20
Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not..
CVSS Score
6.1
EPSS Score
0.0
Published
2024-08-20
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.
CVSS Score
9.1
EPSS Score
0.0
Published
2024-08-20
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-08-20
Improper Access Controls allows backend users to overwrite their username when disallowed.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-08-20
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-07-09
Page 1