Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
Max CVSS
4.3
EPSS Score
0.42%
Published
2012-11-11
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-10-22
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.69%
Published
2012-10-31
Updated
2012-11-01
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.23%
Published
2012-10-31
Updated
2017-08-29
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
Max CVSS
5.0
EPSS Score
0.37%
Published
2012-07-03
Updated
2012-07-17
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
Max CVSS
4.3
EPSS Score
0.16%
Published
2012-07-03
Updated
2017-08-29
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."
Max CVSS
5.0
EPSS Score
0.50%
Published
2012-07-03
Updated
2017-08-29
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking."
Max CVSS
7.5
EPSS Score
1.34%
Published
2012-07-03
Updated
2020-02-25
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.39%
Published
2012-09-06
Updated
2012-09-07
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
Max CVSS
5.0
EPSS Score
0.19%
Published
2012-09-06
Updated
2013-10-03
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
Max CVSS
5.0
EPSS Score
0.21%
Published
2012-12-03
Updated
2012-12-04
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
Max CVSS
7.5
EPSS Score
0.15%
Published
2012-12-03
Updated
2012-12-04
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.24%
Published
2012-09-26
Updated
2017-08-29
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.54%
Published
2012-09-26
Updated
2017-08-29
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
Max CVSS
5.0
EPSS Score
0.28%
Published
2012-09-06
Updated
2012-09-07
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.
Max CVSS
5.0
EPSS Score
0.23%
Published
2012-09-06
Updated
2012-09-13
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."
Max CVSS
5.0
EPSS Score
0.27%
Published
2012-09-06
Updated
2012-09-07
Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820.
Max CVSS
4.3
EPSS Score
0.42%
Published
2012-09-06
Updated
2012-09-07
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.
Max CVSS
5.0
EPSS Score
0.41%
Published
2012-09-06
Updated
2012-09-13
Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.
Max CVSS
4.3
EPSS Score
0.42%
Published
2012-09-06
Updated
2012-09-07
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.
Max CVSS
5.0
EPSS Score
0.39%
Published
2012-09-06
Updated
2012-09-07
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.36%
Published
2012-10-07
Updated
2012-10-08
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Max CVSS
4.3
EPSS Score
0.38%
Published
2012-10-07
Updated
2012-10-08
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.
Max CVSS
4.3
EPSS Score
0.55%
Published
2012-10-07
Updated
2012-10-08
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2012-09-06
Updated
2013-08-16
25 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!