Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Filtered by product Joomla\!
Total 578 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4532 1 Joomla 1 Joomla\! 2012-11-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.
CVE-2011-4911 1 Joomla 1 Joomla\! 2012-10-07 5.0 MEDIUM N/A
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
CVE-2011-4909 1 Joomla 1 Joomla\! 2012-10-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.
CVE-2011-4910 1 Joomla 1 Joomla\! 2012-10-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2011-5134 2 Joomla, Widgetfactorylimited 2 Joomla\!, Com Jce 2012-09-12 6.0 MEDIUM N/A
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information.
CVE-2012-0821 1 Joomla 1 Joomla\! 2012-09-12 5.0 MEDIUM N/A
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.
CVE-2012-0836 1 Joomla 1 Joomla\! 2012-09-12 5.0 MEDIUM N/A
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.
CVE-2012-1612 1 Joomla 1 Joomla\! 2012-09-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0837 1 Joomla 1 Joomla\! 2012-09-07 5.0 MEDIUM N/A
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
CVE-2012-0820 1 Joomla 1 Joomla\! 2012-09-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.
CVE-2012-0822 1 Joomla 1 Joomla\! 2012-09-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820.
CVE-2012-0835 1 Joomla 1 Joomla\! 2012-09-06 5.0 MEDIUM N/A
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."
CVE-2012-4868 2 Joomla, Kunena 2 Joomla\!, Kunena 2012-09-06 7.5 HIGH N/A
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-0819 1 Joomla 1 Joomla\! 2012-09-06 5.0 MEDIUM N/A
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.
CVE-2011-5113 2 Joomla, Techdeluge 2 Joomla\!, Com Techfolio 2012-08-23 7.5 HIGH N/A
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2011-5112 2 Blueflyingfish, Joomla 2 Com Alameda, Joomla\! 2012-08-23 7.5 HIGH N/A
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
CVE-2012-3554 2 Joomla, Rsgallery2 2 Joomla\!, Com Rsgallery2 2012-08-10 7.5 HIGH N/A
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-4071 2 Joomla, Rsgallery2 2 Joomla\!, Com Rsgallery2 2012-08-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment.
CVE-2012-4235 2 Joomla, Rsgallery2 2 Joomla\!, Com Rsgallery2 2012-08-10 5.0 MEDIUM N/A
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI.
CVE-2012-3829 1 Joomla 1 Joomla\! 2012-07-16 5.0 MEDIUM N/A
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.