Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Filtered by product Joomla\!
Total 578 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-23752 1 Joomla 1 Joomla\! 2023-02-24 N/A 5.3 MEDIUM
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVE-2023-23751 1 Joomla 1 Joomla\! 2023-02-08 N/A 4.3 MEDIUM
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
CVE-2023-23750 1 Joomla 1 Joomla\! 2023-02-08 N/A 6.3 MEDIUM
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2019-12764 1 Joomla 1 Joomla\! 2023-01-30 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
CVE-2019-12765 1 Joomla 1 Joomla\! 2023-01-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
CVE-2019-12766 1 Joomla 1 Joomla\! 2023-01-30 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
CVE-2022-27914 1 Joomla 1 Joomla\! 2022-11-09 N/A 6.1 MEDIUM
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
CVE-2022-27913 1 Joomla 1 Joomla\! 2022-10-27 N/A 6.1 MEDIUM
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
CVE-2022-27912 1 Joomla 1 Joomla\! 2022-10-26 N/A 5.3 MEDIUM
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
CVE-2022-27911 1 Joomla 1 Joomla\! 2022-09-04 N/A 5.3 MEDIUM
An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.
CVE-2021-26029 1 Joomla 1 Joomla\! 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.
CVE-2021-26027 1 Joomla 1 Joomla\! 2022-07-12 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
CVE-2019-11358 10 Backdropcms, Debian, Drupal and 7 more 104 Backdrop, Debian Linux, Drupal and 101 more 2022-04-06 4.3 MEDIUM 6.1 MEDIUM
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2022-23794 1 Joomla 1 Joomla\! 2022-04-05 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
CVE-2022-23793 1 Joomla 1 Joomla\! 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
CVE-2022-23795 1 Joomla 1 Joomla\! 2022-04-05 6.8 MEDIUM 9.8 CRITICAL
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
CVE-2022-23799 1 Joomla 1 Joomla\! 2022-04-05 6.8 MEDIUM 9.8 CRITICAL
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
CVE-2022-23797 1 Joomla 1 Joomla\! 2022-04-05 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.
CVE-2022-23798 1 Joomla 1 Joomla\! 2022-04-05 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.
CVE-2022-23796 1 Joomla 1 Joomla\! 2022-04-05 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.