Total
578 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16725 | 1 Joomla | 1 Joomla\! | 2019-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. | |||||
CVE-2019-11809 | 1 Joomla | 1 Joomla\! | 2019-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. | |||||
CVE-2019-10945 | 1 Joomla | 1 Joomla\! | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. | |||||
CVE-2017-8917 | 1 Joomla | 1 Joomla\! | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-7985 | 1 Joomla | 1 Joomla\! | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | |||||
CVE-2019-9711 | 1 Joomla | 1 Joomla\! | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. | |||||
CVE-2019-9712 | 1 Joomla | 1 Joomla\! | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. | |||||
CVE-2019-9714 | 1 Joomla | 1 Joomla\! | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. | |||||
CVE-2019-6263 | 1 Joomla | 1 Joomla\! | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. | |||||
CVE-2019-6262 | 1 Joomla | 1 Joomla\! | 2019-02-26 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. | |||||
CVE-2019-6261 | 1 Joomla | 1 Joomla\! | 2019-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. | |||||
CVE-2019-6264 | 1 Joomla | 1 Joomla\! | 2019-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. | |||||
CVE-2019-7742 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | |||||
CVE-2019-7740 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | |||||
CVE-2019-7741 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | |||||
CVE-2019-7744 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | |||||
CVE-2018-17858 | 1 Joomla | 1 Joomla\! | 2018-11-26 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. | |||||
CVE-2018-15882 | 1 Joomla | 1 Joomla\! | 2018-11-05 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. | |||||
CVE-2018-15880 | 1 Joomla | 1 Joomla\! | 2018-11-02 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack. | |||||
CVE-2006-1957 | 2 Joomla, Mambo-foundation | 2 Joomla\!, Mambo | 2018-10-18 | 5.0 MEDIUM | N/A |
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. |