Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 4.4.8  Security Vulnerabilities
CVE-2025-63082
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-01-06
CVE-2025-63083
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-01-06
CVE-2025-25227
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-04-08
CVE-2024-40747
Various module chromes didn't properly process inputs, leading to XSS vectors.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-01-07
CVE-2024-40748
Lack of output escaping in the id attribute of menu lists.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-01-07
CVE-2024-40749
Improper Access Controls allows access to protected views.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-01-07
CVE-2015-4654
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18
CVE-2013-5955
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19
CVE-2013-5953
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19
CVE-2013-5952
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved