Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Joomla\!
(Joomla)| Repositories | https://github.com/joomla/joomla-cms |
| #Vulnerabilities | 259 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-09-06 | CVE-2012-0820 | Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822. | Joomla\! | N/A | ||
| 2012-09-06 | CVE-2012-0819 | Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. | Joomla\! | N/A | ||
| 2012-10-07 | CVE-2011-4911 | Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. | Joomla\! | N/A | ||
| 2012-10-07 | CVE-2011-4910 | Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | Joomla\! | N/A | ||
| 2012-10-07 | CVE-2011-4909 | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. | Joomla\! | N/A | ||
| 2011-11-23 | CVE-2011-4332 | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Joomla\! | N/A | ||
| 2011-11-23 | CVE-2011-4321 | The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. | Joomla\! | N/A | ||
| 2011-09-23 | CVE-2011-3747 | Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php. | Joomla\! | N/A | ||
| 2011-07-27 | CVE-2011-2892 | Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | Joomla\! | N/A | ||
| 2011-07-27 | CVE-2011-2891 | Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488. | Joomla\! | N/A |