An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
Max CVSS
5.9
EPSS Score
0.45%
Published
2018-05-22
Updated
2018-06-22
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules.
Max CVSS
5.8
EPSS Score
0.48%
Published
2006-07-10
Updated
2017-07-20
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
Max CVSS
5.8
EPSS Score
0.37%
Published
2008-09-18
Updated
2017-08-08
Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors.
Max CVSS
5.5
EPSS Score
0.16%
Published
2009-11-16
Updated
2017-08-17
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
Max CVSS
5.5
EPSS Score
3.04%
Published
2013-05-03
Updated
2014-03-07
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specifically crafted zip package could write files outside of the intended path.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-04
Updated
2021-03-10
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
Max CVSS
5.4
EPSS Score
0.09%
Published
2020-01-22
Updated
2020-01-24
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Max CVSS
5.4
EPSS Score
0.25%
Published
2018-08-29
Updated
2018-11-02
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
Max CVSS
5.4
EPSS Score
0.07%
Published
2019-01-16
Updated
2019-02-26
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
Max CVSS
5.3
EPSS Score
0.10%
Published
2020-01-15
Updated
2020-01-22
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-02-04
Updated
2020-02-05
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
Max CVSS
5.3
EPSS Score
0.14%
Published
2017-04-25
Updated
2017-05-03
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
Max CVSS
5.3
EPSS Score
0.10%
Published
2017-04-25
Updated
2019-10-03
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
Max CVSS
5.3
EPSS Score
0.14%
Published
2017-04-25
Updated
2017-05-03
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-08-14
Updated
2020-08-24
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
Max CVSS
5.3
EPSS Score
0.09%
Published
2019-11-06
Updated
2019-11-06
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
Max CVSS
5.3
EPSS Score
0.15%
Published
2019-12-18
Updated
2019-12-19
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-03-16
Updated
2020-03-19
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-04-21
Updated
2021-07-21
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-04-21
Updated
2020-04-29
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-04-21
Updated
2021-07-21
An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials.
Max CVSS
5.3
EPSS Score
0.11%
Published
2020-07-15
Updated
2021-07-21
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-07-15
Updated
2020-07-15
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
Max CVSS
5.3
EPSS Score
0.11%
Published
2020-12-28
Updated
2021-07-21
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules.
Max CVSS
5.3
EPSS Score
0.09%
Published
2021-01-12
Updated
2021-01-19
72 vulnerabilities found