Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF".
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.1 |
| joomla | joomla | 1.0.2 |
| joomla | joomla | 1.0 |
| joomla | joomla | 1.0.3 |
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.1 |
| joomla | joomla | 1.0.2 |
| joomla | joomla | 1.0 |
| joomla | joomla | 1.0.3 |
Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.1 |
| joomla | joomla | 1.0.2 |
| joomla | joomla | 1.0 |
| joomla | joomla | 1.0.3 |
Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.0.3 |
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.5 |
Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.1 |
| joomla | joomla | 1.0.4 |
| joomla | joomla | 1.0.2 |
| joomla | joomla | 1.0 |
| joomla | joomla | 1.0.5 |
| joomla | joomla | 1.0.3 |
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.7 |
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.7 |
The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "<<>AAA<><>", possibly due to nested or empty tags.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.7 |
Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.7 |
Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.1 |
| joomla | joomla | 1.0.4 |
| joomla | joomla | 1.0.0 |
| joomla | joomla | 1.0.2 |
| joomla | joomla | 1.0.5 |
| joomla | joomla | 1.0.6 |
| joomla | joomla | 1.0.7 |
| joomla | joomla | 1.0.3 |
Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.1 |
| joomla | joomla | 1.0.4 |
| joomla | joomla | 1.0.2 |
| joomla | joomla | 1.0 |
| joomla | joomla | 1.0.5 |
| joomla | joomla | 1.0.6 |
| joomla | joomla | 1.0.7 |
| joomla | joomla | 1.0.3 |
Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.1 |
| joomla | joomla | 1.0.4 |
| joomla | joomla | 1.0.0 |
| joomla | joomla | 1.0.2 |
| joomla | joomla | * |
| joomla | joomla | 1.0.5 |
| joomla | joomla | 1.0.6 |
| joomla | joomla | 1.0.3 |
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | 4.5.3h |
| joomla | joomla | 1.0.7 |
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
| mambo-foundation | mambo | - |
PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0 |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.8 |
| joomla | joomla | 1.0.1 |
| joomla | joomla | 1.0.4 |
| joomla | joomla | 1.0.2 |
| joomla | joomla | 1.0.9 |
| joomla | joomla | 1.0 |
| joomla | joomla | 1.0.5 |
| joomla | joomla | 1.0.7 |
| joomla | joomla | 1.0.3 |
Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla | 1.0.8 |
| joomla | joomla | 1.0.1 |
| joomla | joomla | 1.0.4 |
| joomla | joomla | 1.0.2 |
| joomla | joomla | 1.0.9 |
| joomla | joomla | 1.0 |
| joomla | joomla | 1.0.5 |
| joomla | joomla | 1.0.7 |
| joomla | joomla | 1.0.3 |
PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | pc_cookbook | 1.3.1 |
| joomla | pc_cookbook | 0.3 |
PHP remote file inclusion vulnerability in performs.php in the perForms component (com_performs) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | performs_component | * |
PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | lmo | * |
PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | jd-wiki | * |
PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third-party researchers, who state that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | x-shop_component | * |
| joomla | x-shop_component | * |
Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker cannot control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable in some other past reports. CVE has not performed any follow-up analysis with respect to this issue.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | rssxt_component | * |
| joomla | rssxt_component | 1.0 |
PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | jim_component | * |
| mambo | jim_component | * |
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | jd-wordpress | 2.0.1.0_rc2 |
PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | bsq_sitestats | 2.1.1 |
Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomlalib | * |
| joomla | joomlalib | 1.1.1_beta |
| joomla | joomlalib | 1.0.0_alpha |
Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | events_module | 1.3_beta |
| joomla | com_events | 1.3 |
Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_sef | * |
| joomla | sef4040x | * |
Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | hot_properties | * |
| joomla | com_hotproperties | * |
Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_mosmedia | * |
| joomla | mosmedia | * |
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | prince_clan_chess_component | * |
| mambo | prince_clan_chess_component | * |
Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | rs_gallery2 | 1.10.14_alpha |
| joomla | rs_gallery2 | 1.11.1_alpha |
| joomla | rs_gallery2 | * |
| joomla | rs_gallery2 | 1.10.12_alpha |
| joomla | rs_gallery2 | 1.10.13_alpha |
| joomla | rs_gallery2 | 1.10.1_alpha |
| joomla | rs_gallery2 | 1.11.0_alpha |
| joomla | rs_gallery2 | 1.9.4_alpha |
| joomla | rs_gallery2 | 1.10.3_alpha |
| joomla | rs_gallery2 | 1.10.8_alpha |
| joomla | rs_gallery2 | 1.10.9_alpha |
| joomla | rs_gallery2 | 1.11.2_alpha |
| joomla | rs_gallery2 | 1.10.6_alpha |
| joomla | rs_gallery2 | 1.10.10_alpha |
| joomla | rs_gallery2 | 1.9.5_alpha |
| joomla | rs_gallery2 | 1.10.11_alpha |
| joomla | rs_gallery2 | 1.10.4_alpha |
| joomla | rs_gallery2 | 1.10.5_alpha |
| joomla | rs_gallery2 | 1.10.2_alpha |
| joomla | rs_gallery2 | 1.10.7_alpha |
Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | rs_gallery2 | 1.10.14_alpha |
| joomla | rs_gallery2 | 1.11.1_alpha |
| joomla | rs_gallery2 | * |
| joomla | rs_gallery2 | 1.10.12_alpha |
| joomla | rs_gallery2 | 1.10.13_alpha |
| joomla | rs_gallery2 | 1.10.1_alpha |
| joomla | rs_gallery2 | 1.11.0_alpha |
| joomla | rs_gallery2 | 1.9.4_alpha |
| joomla | rs_gallery2 | 1.10.3_alpha |
| joomla | rs_gallery2 | 1.10.8_alpha |
| joomla | rs_gallery2 | 1.10.9_alpha |
| joomla | rs_gallery2 | 1.10.6_alpha |
| joomla | rs_gallery2 | 1.10.10_alpha |
| joomla | rs_gallery2 | 1.9.5_alpha |
| joomla | rs_gallery2 | 1.10.11_alpha |
| joomla | rs_gallery2 | 1.10.4_alpha |
| joomla | rs_gallery2 | 1.10.5_alpha |
| joomla | rs_gallery2 | 1.10.2_alpha |
| joomla | rs_gallery2 | 1.10.7_alpha |
Unspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | classifieds_component | * |
| joomla | com_classifieds | * |
PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because jambook.php protects against direct requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | jambook | 1.0_beta_7 |
| mambo | jambook | 1.0_beta_7 |
PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94
Products Affected
| Vendor | Product | Version |
|---|---|---|
| swmenupro | swmenufree | 4.6 |
| joomla | joomla | * |
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.8 |
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_libros | * |
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_casino | 1.0 |
Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.5.5 |
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_newsfeeds | * |
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.5.5 |
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
| joomla | com_weblinks | * |
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_sef | * |
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.5.5 |
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.5.5 |
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.5.5 |
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_weblinks | * |
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_elite_experts | * |
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_camelcitydb2 | 2.2 |
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_search | * |
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | * |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.5.5 |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | * |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.23 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 1.6 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 1.5.5 |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | * |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 1.6.4 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.23 |
| joomla | joomla! | 1.6.5 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 1.6 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 1.6.3 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 1.5.5 |
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | * |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.5.5 |
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | * |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.5.5 |
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 1.6 |
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 1.6 |
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.6.0 |
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 1.5.23 |
| joomla | joomla! | 1.5.24 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 1.5.5 |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
| joomla | joomla! | 1.6.5 |
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 1.6.6 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 1.6.4 |
| joomla | joomla! | 1.6 |
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.2 |
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.2 |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 2.5.3 |
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 2.5.3 |
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.6 |
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.6 |
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.0.0 |
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.0.0 |
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.0.3 |
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.0.3 |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.0.3 |
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.0.3 |
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.0.3 |
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.0.3 |
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.0.3 |
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.1.5 |
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | com_jvcomment | 3.0.2 |
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.6 |
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 3.2.5 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 3.0.3 |
Unspecified vulnerability in Joomla! 2.5.x from 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.3.4 |
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.0.3 |
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.0.3 |
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.2.5 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.3.4 |
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 3.2.7 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.3.6 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.2.6 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 3.0.3 |
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.3.4 |
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.3.4 |
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.3.4 |
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.3.4 |
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.3.4 |
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 1.6.4 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 1.5.25 |
| joomla | joomla! | 1.6.5 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 1.7.3 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 1.6.3 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 1.7.2 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 2.5.26 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 3.0.3 |
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 2.5.27 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 1.7.0 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 1.5.23 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 1.5.24 |
| joomla | joomla! | 1.6.2 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 1.7.5 |
| joomla | joomla! | 1.7.1 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 2.5.28 |
| joomla | joomla! | 1.5.26 |
| joomla | joomla! | 1.6.6 |
| joomla | joomla! | 1.7.4 |
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.3.4 |
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.3.4 |
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | session | 1.3.0 |
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 3.0.3 |
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-88,CWE-88,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
| phpmailer_project | phpmailer | * |
| wordpress | wordpress | * |
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
| phpmailer_project | phpmailer | * |
| wordpress | wordpress | * |
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 3.5.1 |
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.0.0 |
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.0.13 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.7.0 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.6.4 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 1.0.4 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 1.6.5 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 1.0.5 |
| joomla | joomla! | 1.5.5 |
| joomla | joomla! | 1.0.9 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 1.0.14 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 1.0.7 |
| joomla | joomla! | 1.0.15 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.7.1 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 3.7.3 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 3.7.2 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 1.5.26 |
| joomla | joomla! | 1.6.6 |
| joomla | joomla! | 1.7.4 |
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 3.2.7 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 1.0.12 |
| joomla | joomla! | 3.3.6 |
| joomla | joomla! | 1.0.1 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 1.0.6 |
| joomla | joomla! | 1.0.10 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 1.5.25 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 1.7.3 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.6 |
| joomla | joomla! | 1.0.8 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 1.0.11 |
| joomla | joomla! | 1.6.3 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 3.2.6 |
| joomla | joomla! | 1.7.2 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.26 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 3.0.3 |
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.27 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 1.7.0 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 1.0.2 |
| joomla | joomla! | 1.0.3 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 1.5.23 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 1.5.24 |
| joomla | joomla! | 1.6.2 |
| joomla | joomla! | 3.2.5 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 1.7.5 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 1.7.1 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.28 |
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.7.0 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.6.4 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 1.6.5 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 1.5.5 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.7.1 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 3.7.3 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 3.7.2 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 1.5.26 |
| joomla | joomla! | 1.6.6 |
| joomla | joomla! | 1.7.4 |
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 1.5.25 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 1.7.3 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.6 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 1.6.3 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 1.7.2 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.26 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 3.0.3 |
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.27 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 1.7.0 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 1.5.23 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 1.5.24 |
| joomla | joomla! | 1.6.2 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 1.7.5 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 1.7.1 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.28 |
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.7.3 |
| joomla | joomla! | 3.7.0 |
| joomla | joomla! | 3.7.4 |
| joomla | joomla! | 3.7.5 |
| joomla | joomla! | 3.7.2 |
| joomla | joomla! | 3.7.1 |
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-90,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.7.0 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.6.4 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 3.7.4 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 1.6.5 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 1.5.5 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.7.1 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 3.7.3 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 3.7.2 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 1.5.26 |
| joomla | joomla! | 1.6.6 |
| joomla | joomla! | 1.7.4 |
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 3.2.7 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 3.3.6 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 1.5.25 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 1.7.3 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 1.6.3 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 3.2.6 |
| joomla | joomla! | 1.7.2 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.26 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 3.0.3 |
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.27 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 1.7.0 |
| joomla | joomla! | 3.7.5 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 1.5.23 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 1.5.24 |
| joomla | joomla! | 1.6.2 |
| joomla | joomla! | 3.2.5 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 1.7.5 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 1.7.1 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.28 |
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.6.4 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 1.6.5 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 1.5.5 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 1.5.26 |
| joomla | joomla! | 1.6.6 |
| joomla | joomla! | 1.7.4 |
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 1.5.25 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 1.7.3 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 1.6.3 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 1.7.2 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.26 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.27 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 1.7.0 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 1.5.23 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 1.5.24 |
| joomla | joomla! | 1.6.2 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 1.7.5 |
| joomla | joomla! | 1.7.1 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.28 |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.3.4 |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 1.5.1 |
| joomla | joomla! | 1.5.15 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 1.5.6 |
| joomla | joomla! | 1.6.4 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 1.6.5 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 1.5.5 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 1.5.3 |
| joomla | joomla! | 1.5.8 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 1.5.7 |
| joomla | joomla! | 1.5.13 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 1.5.26 |
| joomla | joomla! | 1.6.6 |
| joomla | joomla! | 1.7.4 |
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 1.5.2 |
| joomla | joomla! | 1.5.4 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 1.5.11 |
| joomla | joomla! | 1.5.12 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 1.5.9 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 1.5.25 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 1.7.3 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 1.6.3 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 1.7.2 |
| joomla | joomla! | 1.5.14 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 2.5.26 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 2.5.27 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 1.5.10 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 1.7.0 |
| joomla | joomla! | 1.5.0 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 1.5.23 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 1.5.24 |
| joomla | joomla! | 1.6.2 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 1.7.5 |
| joomla | joomla! | 1.7.1 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.28 |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.3.4 |
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 1.5.18 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 1.6.1 |
| joomla | joomla! | 1.6.4 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 1.5.25 |
| joomla | joomla! | 1.6.5 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 1.7.3 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 1.5.16 |
| joomla | joomla! | 1.5.19 |
| joomla | joomla! | 1.5.21 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 1.6.3 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 1.7.2 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 2.5.26 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 1.5.22 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 1.5.17 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 2.5.27 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 1.7.0 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 1.5.20 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 1.5.23 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 1.5.24 |
| joomla | joomla! | 1.6.2 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 1.7.5 |
| joomla | joomla! | 1.7.1 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 1.6.0 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 2.5.28 |
| joomla | joomla! | 1.5.26 |
| joomla | joomla! | 1.6.6 |
| joomla | joomla! | 1.7.4 |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.3.4 |
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 3.5.1 |
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.7.0 |
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.7.0 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 1.7.3 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 2.5.26 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 3.0.3 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 2.5.27 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.7.1 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 1.7.5 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 2.5.28 |
| joomla | joomla! | 1.7.4 |
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.3.2 |
| joomla | joomla! | 3.1.2 |
| joomla | joomla! | 2.5.13 |
| joomla | joomla! | 3.6.0 |
| joomla | joomla! | 2.5.9 |
| joomla | joomla! | 3.1.0 |
| joomla | joomla! | 3.2.2 |
| joomla | joomla! | 3.5.0 |
| joomla | joomla! | 3.3.0 |
| joomla | joomla! | 3.7.0 |
| joomla | joomla! | 3.3.5 |
| joomla | joomla! | 3.0.0 |
| joomla | joomla! | 3.2.4 |
| joomla | joomla! | 3.2.1 |
| joomla | joomla! | 2.5.22 |
| joomla | joomla! | 3.5.1 |
| joomla | joomla! | 3.6.5 |
| joomla | joomla! | 2.5.19 |
| joomla | joomla! | 2.5.3 |
| joomla | joomla! | 3.4.3 |
| joomla | joomla! | 2.5.16 |
| joomla | joomla! | 2.5.2 |
| joomla | joomla! | 2.5.21 |
| joomla | joomla! | 3.4.5 |
| joomla | joomla! | 1.7.3 |
| joomla | joomla! | 2.5.20 |
| joomla | joomla! | 2.5.24 |
| joomla | joomla! | 2.5.14 |
| joomla | joomla! | 3.0.2 |
| joomla | joomla! | 3.4.8 |
| joomla | joomla! | 2.5.18 |
| joomla | joomla! | 3.3.1 |
| joomla | joomla! | 2.5.0 |
| joomla | joomla! | 2.5.11 |
| joomla | joomla! | 3.4.1 |
| joomla | joomla! | 2.5.26 |
| joomla | joomla! | 2.5.6 |
| joomla | joomla! | 3.3.4 |
| joomla | joomla! | 3.0.3 |
| joomla | joomla! | 3.0.1 |
| joomla | joomla! | 3.6.3 |
| joomla | joomla! | 2.5.25 |
| joomla | joomla! | 3.6.4 |
| joomla | joomla! | 3.1.1 |
| joomla | joomla! | 3.4.7 |
| joomla | joomla! | 2.5.5 |
| joomla | joomla! | 3.1.5 |
| joomla | joomla! | 2.5.27 |
| joomla | joomla! | 3.2.0 |
| joomla | joomla! | 2.5.1 |
| joomla | joomla! | 2.5.10 |
| joomla | joomla! | 3.1.6 |
| joomla | joomla! | 3.6.2 |
| joomla | joomla! | 2.5.23 |
| joomla | joomla! | 3.7.1 |
| joomla | joomla! | 3.4.6 |
| joomla | joomla! | 3.6.1 |
| joomla | joomla! | 2.5.4 |
| joomla | joomla! | 3.7.2 |
| joomla | joomla! | 3.1.3 |
| joomla | joomla! | 3.1.4 |
| joomla | joomla! | 3.4.4 |
| joomla | joomla! | 2.5.15 |
| joomla | joomla! | 3.2.3 |
| joomla | joomla! | 2.5.8 |
| joomla | joomla! | 3.3.3 |
| joomla | joomla! | 2.5.12 |
| joomla | joomla! | 3.4.2 |
| joomla | joomla! | 1.7.5 |
| joomla | joomla! | 3.0.4 |
| joomla | joomla! | 2.5.17 |
| joomla | joomla! | 2.5.7 |
| joomla | joomla! | 3.4.0 |
| joomla | joomla! | 2.5.28 |
| joomla | joomla! | 1.7.4 |
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-209
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-434
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of a user who can approve admin verifications in the registration process, the attacker can activate their own account.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1321
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | financial_services_price_creation_and_discovery | * |
| oracle | weblogic_server | 12.1.3.0.0 |
| oracle | rest_data_services | 18c |
| oracle | healthcare_translational_research | 3.2.1 |
| oracle | healthcare_foundation | 7.1.1 |
| oracle | insurance_ifrs_17_analyzer | 8.0.7 |
| oracle | bi_publisher | 12.2.1.4.0 |
| oracle | tape_library_acsls | 8.5.1 |
| oracle | insurance_performance_insight | 8.0.7 |
| oracle | banking_digital_experience | 19.1 |
| oracle | banking_digital_experience | 18.3 |
| oracle | financial_services_basel_regulatory_capital_internal_ratings_based_approach | * |
| oracle | bi_publisher | 5.5.0.0.0 |
| oracle | policy_automation | 10.4.7 |
| oracle | transportation_management | 1.4.3 |
| oracle | hospitality_guest_access | 4.2.1 |
| oracle | banking_digital_experience | 19.2 |
| oracle | communications_interactive_session_recorder | * |
| oracle | knowledge | * |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| redhat | cloudforms | 4.7 |
| oracle | jdeveloper_and_adf | 12.2.1.3.0 |
| oracle | application_testing_suite | 13.2.0.1 |
| oracle | financial_services_liquidity_risk_measurement_and_management | 8.0.7 |
| oracle | financial_services_basel_regulatory_capital_internal_ratings_based_approach | 8.1.0 |
| oracle | communications_billing_and_revenue_management | 7.5 |
| oracle | communications_services_gatekeeper | 7.0 |
| juniper | junos | 21.2 |
| oracle | rest_data_services | 11.2.0.4 |
| oracle | insurance_accounting_analyzer | 8.0.9 |
| oracle | financial_services_balance_sheet_planning | 8.0.8 |
| drupal | drupal | * |
| oracle | siebel_mobile_applications | * |
| oracle | insurance_allocation_manager_for_enterprise_profitability | 8.0.8 |
| oracle | utilities_mobile_workforce_management | * |
| oracle | retail_point-of-service | 14.0 |
| oracle | communications_session_route_manager | 8.2.1 |
| oracle | healthcare_translational_research | 3.3.1 |
| oracle | storagetek_tape_analytics_sw_tool | 2.3.0 |
| debian | debian_linux | 9.0 |
| oracle | weblogic_server | 10.3.6.0.0 |
| oracle | weblogic_server | 14.1.1.0.0 |
| oracle | hospitality_materials_control | 18.1 |
| oracle | rest_data_services | 19c |
| oracle | financial_services_hedge_management_and_ifrs_valuations | * |
| oracle | communications_element_manager | 8.2.1 |
| oracle | healthcare_translational_research | 3.4.0 |
| oracle | primavera_gateway | 15.2.18 |
| netapp | snapcenter | - |
| oracle | communications_operations_monitor | * |
| oracle | bi_publisher | 12.2.1.3.0 |
| debian | debian_linux | 10.0 |
| oracle | financial_services_analytical_applications_reconciliation_framework | 8.1.0 |
| oracle | healthcare_foundation | 7.3.0 |
| oracle | primavera_unifier | 18.8 |
| oracle | financial_services_liquidity_risk_management | 8.0.2 |
| oracle | siebel_ui_framework | 20.8 |
| oracle | retail_point-of-service | 14.1 |
| oracle | hospitality_simphony | 18.2 |
| oracle | rest_data_services | 12.1.0.2 |
| joomla | joomla! | * |
| oracle | financial_services_revenue_management_and_billing | 2.4.0.1 |
| oracle | healthcare_translational_research | 3.3.2 |
| oracle | banking_platform | * |
| oracle | real-time_scheduler | * |
| oracle | retail_back_office | 14.0 |
| oracle | retail_returns_management | 14.0 |
| oracle | jdeveloper | 12.2.1.4.0 |
| oracle | financial_services_analytical_applications_infrastructure | * |
| oracle | financial_services_institutional_performance_analytics | * |
| oracle | hospitality_simphony | * |
| opensuse | backports_sle | 15.0 |
| oracle | policy_automation_connector_for_siebel | 10.4.6 |
| oracle | business_process_management_suite | 12.2.1.4.0 |
| oracle | webcenter_sites | 12.2.1.3.0 |
| oracle | financial_services_hedge_management_and_ifrs_valuations | 8.1.0 |
| oracle | communications_operations_monitor | 4.0 |
| oracle | financial_services_regulatory_reporting_for_us_federal_reserve | * |
| jquery | jquery | * |
| oracle | peoplesoft_enterprise_peopletools | 8.56 |
| oracle | insurance_insbridge_rating_and_underwriting | * |
| oracle | banking_enterprise_collections | * |
| oracle | retail_customer_insights | 16.0 |
| oracle | communications_operations_monitor | 3.4 |
| oracle | financial_services_profitability_management | 8.1.0 |
| oracle | application_testing_suite | 13.3 |
| oracle | financial_services_loan_loss_forecasting_and_provisioning | 8.1.0 |
| oracle | jdeveloper_and_adf | 12.1.3.0.0 |
| oracle | financial_services_institutional_performance_analytics | 8.1.0 |
| oracle | service_bus | 12.2.1.3.0 |
| oracle | jd_edwards_enterpriseone_tools | 9.2 |
| oracle | financial_services_data_governance_for_us_regulatory_reporting | * |
| oracle | financial_services_regulatory_reporting_for_european_banking_authority | 8.0.6 |
| oracle | financial_services_liquidity_risk_management | 8.0.6 |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.5 |
| oracle | financial_services_liquidity_risk_management | 8.0.4.0.0 |
| oracle | financial_services_profitability_management | * |
| oracle | hospitality_simphony | 18.1 |
| oracle | primavera_unifier | 16.1 |
| oracle | communications_operations_monitor | 4.1.0 |
| oracle | primavera_unifier | * |
| oracle | retail_central_office | 14.1 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| netapp | oncommand_system_manager | * |
| oracle | policy_automation | 12.1.1 |
| fedoraproject | fedora | 29 |
| oracle | banking_digital_experience | 18.1 |
| oracle | financial_services_regulatory_reporting_for_european_banking_authority | 8.0.7 |
| oracle | communications_diameter_signaling_router | 8.1 |
| oracle | banking_digital_experience | 18.2 |
| oracle | service_bus | 12.1.3.0.0 |
| oracle | system_utilities | 19.1 |
| oracle | application_service_level_management | 13.2.0.0 |
| oracle | retail_customer_management_and_segmentation_foundation | 18.0 |
| oracle | financial_services_data_integration_hub | * |
| oracle | financial_services_retail_customer_analytics | * |
| debian | debian_linux | 8.0 |
| oracle | communications_billing_and_revenue_management | 7.5.0.23.0 |
| oracle | financial_services_data_foundation | * |
| oracle | enterprise_session_border_controller | 8.4 |
| oracle | communications_diameter_signaling_router | 8.2 |
| oracle | financial_services_liquidity_risk_management | 8.0.5.0.0 |
| oracle | financial_services_funds_transfer_pricing | * |
| oracle | financial_services_analytical_applications_reconciliation_framework | * |
| oracle | healthcare_foundation | 7.2.2 |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.6 |
| oracle | fusion_middleware_mapviewer | 12.2.1.3.0 |
| oracle | application_testing_suite | 13.3.0.1 |
| fedoraproject | fedora | 28 |
| oracle | financial_services_asset_liability_management | * |
| oracle | hospitality_guest_access | 4.2.0 |
| oracle | insurance_ifrs_17_analyzer | 8.0.6 |
| oracle | insurance_insbridge_rating_and_underwriting | 5.6.1.0 |
| oracle | business_process_management_suite | 12.2.1.3.0 |
| oracle | agile_product_lifecycle_management_for_process | 6.2.0.0 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| oracle | financial_services_revenue_management_and_billing | 2.4.0.0 |
| oracle | jdeveloper | 11.1.1.9.0 |
| oracle | primavera_unifier | 16.2 |
| oracle | jdeveloper | 12.2.1.3.0 |
| oracle | banking_digital_experience | 20.1 |
| oracle | communications_billing_and_revenue_management | 12.0 |
| oracle | retail_returns_management | 14.1 |
| oracle | application_express | * |
| oracle | financial_services_data_integration_hub | 8.1.0 |
| oracle | communications_session_report_manager | 8.1.1 |
| oracle | service_bus | 11.1.1.9.0 |
| oracle | communications_session_route_manager | 8.1.1 |
| oracle | retail_central_office | 14.0 |
| oracle | application_service_level_management | 13.3.0.0 |
| oracle | financial_services_liquidity_risk_measurement_and_management | 8.0.8 |
| oracle | communications_analytics | 12.1.1 |
| oracle | communications_diameter_signaling_router | 8.2.1 |
| oracle | weblogic_server | 12.2.1.3.0 |
| backdropcms | backdrop | * |
| oracle | financial_services_enterprise_financial_performance_analytics | 8.0.7 |
| oracle | communications_session_route_manager | 8.2.0 |
| oracle | retail_customer_management_and_segmentation_foundation | 19.0 |
| oracle | agile_product_lifecycle_management_for_process | 6.2.2.0 |
| opensuse | leap | 15.1 |
| redhat | virtualization_manager | 4.3 |
| oracle | financial_services_enterprise_financial_performance_analytics | 8.0.6 |
| oracle | communications_diameter_signaling_router | 8.0.0 |
| oracle | communications_unified_inventory_management | 7.4.0 |
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | diagnostic_assistant | 2.12.36 |
| oracle | communications_application_session_controller | 3.8m0 |
| oracle | communications_unified_inventory_management | 7.3 |
| oracle | communications_session_report_manager | 8.2.0 |
| oracle | financial_services_asset_liability_management | 8.1.0 |
| oracle | rest_data_services | 12.2.0.1 |
| oracle | application_testing_suite | 12.5.0.3 |
| oracle | healthcare_translational_research | 3.1.0 |
| fedoraproject | fedora | 30 |
| oracle | policy_automation_for_mobile_devices | * |
| oracle | communications_element_manager | 8.2.0 |
| oracle | financial_services_retail_performance_analytics | 8.0.7 |
| oracle | identity_manager | 12.2.1.3.0 |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 |
| oracle | financial_services_basel_regulatory_capital_basic | * |
| oracle | enterprise_manager_ops_center | 12.4.0 |
| oracle | big_data_discovery | 1.6 |
| oracle | jdeveloper_and_adf | 11.1.1.9.0 |
| oracle | healthcare_foundation | 7.2.0 |
| oracle | financial_services_loan_loss_forecasting_and_provisioning | * |
| oracle | communications_element_manager | 8.1.1 |
| oracle | policy_automation | * |
| oracle | agile_product_lifecycle_management_for_process | 6.2.1.0 |
| oracle | insurance_allocation_manager_for_enterprise_profitability | 8.1.0 |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.8 |
| oracle | communications_webrtc_session_controller | 7.2 |
| oracle | insurance_data_foundation | * |
| oracle | retail_back_office | 14.1 |
| oracle | financial_services_regulatory_reporting_for_de_nederlandsche_bank | 8.0.4 |
| oracle | agile_product_lifecycle_management_for_process | 6.2.3.0 |
| oracle | communications_session_report_manager | 8.2.1 |
| oracle | communications_eagle_application_processor | * |
| oracle | application_testing_suite | 13.1.0.1 |
| oracle | retail_customer_insights | 15.0 |
| oracle | financial_services_retail_performance_analytics | 8.0.6 |
| oracle | financial_services_funds_transfer_pricing | 8.1.0 |
| oracle | peoplesoft_enterprise_peopletools | 8.55 |
| oracle | financial_services_basel_regulatory_capital_basic | 8.1.0 |
| oracle | financial_services_liquidity_risk_management | 8.0.0.1.0 |
| oracle | agile_product_lifecycle_management_for_process | 6.1 |
| oracle | tape_library_acsls | 8.5 |
| oracle | primavera_gateway | * |
| oracle | financial_services_liquidity_risk_measurement_and_management | 8.1.0 |
| oracle | application_testing_suite | 13.2 |
| oracle | policy_automation | 12.1.0 |
| oracle | enterprise_manager_ops_center | 12.4.0.0 |
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22, CWE-502
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 28 |
| joomla | joomla! | * |
| drupal | drupal | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| typo3 | pharstreamwrapper | * |
| fedoraproject | fedora | 30 |
| fedoraproject | fedora | 29 |
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non-Super-Admin users.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-1236
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.9.7 |
| joomla | joomla! | 3.9.8 |
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non-.phar files.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,CWE-917,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 3.7.0 |
| joomla | joomla! | * |
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
| joomla | joomla! | 3.0.0 |
In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-281,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
| joomla | joomla! | 2.5.0 |
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks the names of unpublished and/or inaccessible modules.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The insecure rand() function is used in the process of generating the 2FA secret.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-338,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.2.0 through 3.9.24. An insufficient length is used for the 2FA secret: 10 bytes, versus the 20 bytes called for by RFC 4226.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The randval implementation shipped with core but unused within FOF (FOFEncryptRandval) used a potentially insecure implementation. It has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages shown to users could lead to XSS issues.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to XSS issues.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specially crafted zip package could write files outside of the intended path.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow the author field to be overwritten.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on the error page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to an XSS vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-613,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.9.27. The install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL for com_installer is already limited to super users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-754,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 4.0.0 |
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specially crafted tar package could write files outside of the intended path.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file with an excessively long file name causes an error, and the resulting error screen discloses the path of the web application's source code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-209,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering of the selected IDs in a request could result in a possible SQL injection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.2.0. Multiple full path disclosures because of a missing '_JEXEC or die' check, caused by the PSR12 changes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | 4.2.0 |
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new MFA selection screen.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
| joomla | joomla! | 5.0.0 |
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Inadequate parsing of URLs could result in an open redirect.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Inadequate content filtering leads to XSS vulnerabilities in various components.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
The Custom Fields component does not correctly filter inputs, leading to an XSS vector.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
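Two entries on this page (the 2.5.0 through 4.1.0 one and this later one) describe the same failure: the "is this redirect URL internal?" check accepting a URL that a browser will actually send off-site. The following is an added example, not Joomla's code, of a check that covers the usual bypasses: protocol-relative `//host`, the three-slash variant, backslashes in the authority, `user@host` tricks, look-alike subdomains and non-HTTP schemes. The site hostname and the test vectors are constructed for the demonstration.

```python
from urllib.parse import urlsplit

SITE_HOST = "example.com"   # assumed hostname of the site for this demo


def is_internal_url(url: str, site_host: str = SITE_HOST) -> bool:
    """True only if a redirect to `url` keeps the browser on `site_host`."""
    if not url:
        return False
    # Browsers strip leading/trailing whitespace and treat '\' in the
    # authority like '/'; reject such input instead of trying to normalise it.
    if any(ord(c) < 0x20 or c == "\x7f" for c in url) or "\\" in url:
        return False
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False            # javascript:, data:, ftp:, ...
        host = parts.hostname       # userinfo and port already split off
        return host is not None and host.lower() == site_host.lower()
    # No scheme: anything starting with '//' is protocol-relative
    # ('//evil.com' and '///evil.com' both resolve to evil.com in browsers).
    if parts.netloc or url.startswith("//"):
        return False
    return True                     # plain path or query-only redirect


# Constructed vectors: (candidate redirect target, expected verdict).
CASES = [
    ("/index.php?option=com_users", True),
    ("index.php?option=com_users&view=login", True),
    ("https://example.com/administrator/", True),
    ("https://EXAMPLE.com:443/", True),
    ("https://example.com.evil.com/", False),
    ("https://example.com@evil.com/", False),
    ("//evil.com/", False),
    ("///evil.com", False),
    ("/\\evil.com", False),
    ("http:evil.com", False),
    ("javascript:alert(1)", False),
    ("\thttps://evil.com", False),
    ("", False),
]


def verdicts():
    """Return [(url, verdict)] for every constructed case."""
    return [(u, is_internal_url(u)) for u, _ in CASES]


def all_cases_pass():
    return all(is_internal_url(u) == expected for u, expected in CASES)
```

The important design choice is that the check parses the URL the way a browser will rather than looking for a prefix: `startswith("/")` alone accepts `//evil.com` and `/\evil.com`, and `startswith("https://example.com")` accepts `https://example.com.evil.com` and `https://example.com@evil.com`.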
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Improper Access Controls allows backend users to overwrite their username when disallowed.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Various module chromes didn't properly process inputs, leading to XSS vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Lack of output escaping in the id attribute of menu lists.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Improper Access Controls allows access to protected views.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or 3.x branch, and therefore the vulnerability in question cannot be exploited when using the original database class. However, classes extending the affected class might be affected if the vulnerable method is used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Insufficient state checks lead to a vector that allows bypassing 2FA checks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Lack of output escaping leads to an XSS vector in the pagebreak plugin.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by third-party developers.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
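The articles webservice entry above and the earlier quoteNameStr entry are the two sides of the same problem: a request-controlled sort field dropped into an ORDER BY clause, and an identifier-quoting routine that does not stop a value from breaking out of its quotes. An ORDER BY injection needs no UNION and no error message; the row order itself answers yes/no questions. The following is an added example, not Joomla's code, that shows the blind-inference pattern against an in-memory SQLite database alongside the allow-listed order clause and strict identifier quoting that close it. The schema, rows, hash value and column names are all constructed for the demonstration.

```python
import re
import sqlite3

ALLOWED_SORT = {"id", "title", "created"}            # assumed sortable columns
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def make_db():
    """Constructed sample schema and rows, in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE content(id INTEGER PRIMARY KEY, title TEXT, created TEXT);
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO content VALUES (1,'Alpha','2024-01-01'),
                                   (2,'Beta','2024-02-01'),
                                   (3,'Gamma','2024-03-01');
        INSERT INTO users VALUES ('admin','$2y$10$constructedhashvalue');
    """)
    return conn


def vulnerable_list(conn, sort, direction):
    """The pattern behind the report: request values concatenated into
    the order clause without validation."""
    sql = f"SELECT id, title FROM content ORDER BY {sort} {direction}"
    return [title for _, title in conn.execute(sql)]


def probe_first_char(conn, guess):
    """Blind inference through ORDER BY: when the guess about the first
    character of the admin hash is right, rows come back in id order;
    otherwise the CASE flips the sign and they come back reversed."""
    payload = ("(CASE WHEN (SELECT substr(password,1,1) FROM users "
               f"WHERE username='admin')='{guess}' THEN id ELSE -id END)")
    return vulnerable_list(conn, payload, "ASC") == ["Alpha", "Beta", "Gamma"]


def quote_name(name):
    """Identifier quoting that refuses anything but a plain identifier, so no
    value can carry a quote character into the generated SQL."""
    if not IDENT.match(name):
        raise ValueError(f"illegal identifier: {name!r}")
    return f'"{name}"'


def build_order_clause(sort, direction):
    """Allow-list the column, normalise the direction, quote the identifier."""
    if sort not in ALLOWED_SORT:
        raise ValueError(f"sort column not allowed: {sort!r}")
    direction = direction.upper()
    if direction not in ("ASC", "DESC"):
        raise ValueError(f"bad direction: {direction!r}")
    return f"ORDER BY {quote_name(sort)} {direction}"


def hardened_list(conn, sort, direction):
    sql = "SELECT id, title FROM content " + build_order_clause(sort, direction)
    return [title for _, title in conn.execute(sql)]


def rejects(fn, *args):
    """True if fn(*args) raises ValueError; used to show what gets refused."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False
```

`probe_first_char(make_db(), "$")` returns True and `"x"` returns False, which is all an attacker needs to extract the hash one character at a time. Column names cannot be bound as parameters, so the hardened path is an allow-list plus strict identifier quoting; `quote_name` rejecting anything outside `[A-Za-z0-9_]` is what a quoteNameStr-style helper must guarantee when it is reachable from subclasses.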
Lack of output escaping leads to an XSS vector in the multilingual associations component.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Lack of output escaping for article titles leads to XSS vectors in various locations.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |
An improper access check allows unauthorized access to webservice endpoints.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | joomla! | * |