Product:

Joomla\!

(Joomla)
Repositories https://github.com/joomla/joomla-cms
#Vulnerabilities 259
Date Id Summary Products Score Patch Annotated
2019-04-10 CVE-2019-10946 An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users. Joomla\! 7.5
2019-04-10 CVE-2019-10945 An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. Joomla\! 9.8
2018-03-15 CVE-2018-8045 In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. Joomla\! 8.8
2018-01-30 CVE-2018-6380 In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. Joomla\! 6.1
2018-01-30 CVE-2018-6379 In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. Joomla\! 6.1
2018-05-22 CVE-2018-6378 In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. Joomla\! 6.1
2018-01-30 CVE-2018-6377 In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox Joomla\! 6.1
2018-01-30 CVE-2018-6376 In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. Joomla\! 9.8
2018-10-09 CVE-2018-17859 An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. Joomla\! 4.3
2018-10-09 CVE-2018-17858 An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. Joomla\! 8.8