Product:

Joomla\!

(Joomla)
Repositories https://github.com/joomla/joomla-cms
#Vulnerabilities 259
Date Id Summary Products Score Patch Annotated
2022-03-30 CVE-2022-23801 An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. Joomla\! 6.1
2022-08-31 CVE-2022-27911 An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes. Joomla\! 5.3
2022-10-25 CVE-2022-27912 An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. Joomla\! 5.3
2022-10-25 CVE-2022-27913 An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. Joomla\! 6.1
2022-11-08 CVE-2022-27914 An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. Joomla\! 6.1
2023-02-01 CVE-2023-23750 An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. Joomla\! 6.3
2023-02-01 CVE-2023-23751 An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. Joomla\! 4.3
2023-02-16 CVE-2023-23752 An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. Joomla\! 5.3
2023-05-30 CVE-2023-23754 An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. Joomla\! 6.1
2023-05-30 CVE-2023-23755 An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. Joomla\! 7.5