Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8421 1 Joomla 1 Joomla\! 2020-02-06 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
CVE-2011-4912 1 Joomla 1 Joomla\! 2020-02-05 5.0 MEDIUM 5.3 MEDIUM
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.
CVE-2011-4937 1 Joomla 1 Joomla\! 2020-02-05 5.0 MEDIUM 7.5 HIGH
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
CVE-2011-3629 1 Joomla 1 Joomla\! 2020-02-05 5.0 MEDIUM 7.5 HIGH
Joomla! core 1.7.1 allows information disclosure due to weak encryption
CVE-2011-3595 1 Joomla 1 Joomla\! 2020-01-24 3.5 LOW 5.4 MEDIUM
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
CVE-2011-4907 1 Joomla 1 Joomla\! 2020-01-22 5.0 MEDIUM 5.3 MEDIUM
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
CVE-2012-1563 1 Joomla 1 Joomla\! 2020-01-22 5.0 MEDIUM 7.5 HIGH
Joomla! before 2.5.3 allows Admin Account Creation.
CVE-2012-1562 1 Joomla 1 Joomla\! 2020-01-22 5.0 MEDIUM 7.5 HIGH
Joomla! core before 2.5.3 allows unauthorized password change.
CVE-2019-19845 1 Joomla 1 Joomla\! 2019-12-19 5.0 MEDIUM 5.3 MEDIUM
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
CVE-2019-19846 1 Joomla 1 Joomla\! 2019-12-18 7.5 HIGH 9.8 CRITICAL
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
CVE-2019-18674 1 Joomla 1 Joomla\! 2019-11-06 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
CVE-2019-18650 1 Joomla 1 Joomla\! 2019-11-06 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
CVE-2018-15881 1 Joomla 1 Joomla\! 2019-10-02 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.
CVE-2017-14595 1 Joomla 1 Joomla\! 2019-10-02 4.3 MEDIUM 3.7 LOW
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
CVE-2018-17859 1 Joomla 1 Joomla\! 2019-10-02 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms.
CVE-2018-11325 1 Joomla 1 Joomla\! 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
CVE-2018-17857 1 Joomla 1 Joomla\! 2019-10-02 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.
CVE-2018-11323 1 Joomla 1 Joomla\! 2019-10-02 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
CVE-2017-7988 1 Joomla 1 Joomla\! 2019-10-02 5.0 MEDIUM 5.3 MEDIUM
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
CVE-2010-0467 2 Chillcreations, Joomla 2 Com Ccnewsletter, Joomla\! 2019-09-27 5.0 MEDIUM 5.8 MEDIUM
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.