Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Joomla\!
(Joomla)| Repositories | https://github.com/joomla/joomla-cms |
| #Vulnerabilities | 259 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-05-20 | CVE-2019-11809 | An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. | Joomla\! | 6.1 | ||
| 2019-03-12 | CVE-2019-9714 | An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. | Joomla\! | 6.1 | ||
| 2019-03-12 | CVE-2019-9713 | An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access. | Joomla\! | 7.5 | ||
| 2019-03-12 | CVE-2019-9712 | An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. | Joomla\! | 6.1 | ||
| 2019-03-12 | CVE-2019-9711 | An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. | Joomla\! | 6.1 | ||
| 2019-02-12 | CVE-2019-7744 | An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | Joomla\! | 6.1 | ||
| 2019-02-12 | CVE-2019-7743 | An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. | Joomla\! | 9.8 | ||
| 2019-02-12 | CVE-2019-7742 | An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | Joomla\! | 6.1 | ||
| 2019-02-12 | CVE-2019-7741 | An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | Joomla\! | 6.1 | ||
| 2019-02-12 | CVE-2019-7740 | An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | Joomla\! | 6.1 |