Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9933 1 Joomla 1 Joomla\! 2017-07-20 5.0 MEDIUM 7.5 HIGH
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
CVE-2006-4474 1 Joomla 1 Joomla 2017-07-19 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.
CVE-2006-3480 1 Joomla 1 Joomla 2017-07-19 5.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules.
CVE-2006-3481 1 Joomla 1 Joomla 2017-07-19 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".
CVE-2006-1048 1 Joomla 1 Joomla 2017-07-19 5.0 MEDIUM N/A
Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search.
CVE-2006-1030 1 Joomla 1 Joomla 2017-07-19 5.0 MEDIUM N/A
Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path.
CVE-2006-0114 1 Joomla 1 Joomla 2017-07-19 5.0 MEDIUM N/A
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php.
CVE-2005-3772 1 Joomla 1 Joomla 2017-07-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.
CVE-2017-8057 1 Joomla 1 Joomla\! 2017-05-03 5.0 MEDIUM 5.3 MEDIUM
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
CVE-2017-7987 1 Joomla 1 Joomla\! 2017-05-03 4.3 MEDIUM 6.1 MEDIUM
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
CVE-2017-7983 1 Joomla 1 Joomla\! 2017-05-03 5.0 MEDIUM 5.3 MEDIUM
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVE-2017-7986 1 Joomla 1 Joomla\! 2017-05-02 4.3 MEDIUM 6.1 MEDIUM
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
CVE-2017-7989 1 Joomla 1 Joomla\! 2017-05-02 4.0 MEDIUM 6.5 MEDIUM
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
CVE-2017-7984 1 Joomla 1 Joomla\! 2017-05-02 4.3 MEDIUM 6.1 MEDIUM
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
CVE-2016-9081 1 Joomla 1 Joomla\! 2017-01-26 7.5 HIGH 9.8 CRITICAL
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
CVE-2013-5583 1 Joomla 1 Joomla\! 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2016-9837 1 Joomla 1 Joomla\! 2016-12-22 5.0 MEDIUM 7.5 HIGH
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request.
CVE-2015-6939 1 Joomla 1 Joomla\! 2016-12-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-9836 1 Joomla 1 Joomla\! 2016-12-07 7.5 HIGH 9.8 CRITICAL
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.
CVE-2015-8769 1 Joomla 1 Joomla\! 2016-12-07 7.5 HIGH 7.3 HIGH
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.