Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Joomla\!
(Joomla)| Repositories | https://github.com/joomla/joomla-cms |
| #Vulnerabilities | 259 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-30 | CVE-2022-23797 | An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. | Joomla\! | 9.8 | ||
| 2022-03-30 | CVE-2022-23798 | An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. | Joomla\! | 6.1 | ||
| 2022-03-30 | CVE-2022-23799 | An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. | Joomla\! | 9.8 | ||
| 2022-03-30 | CVE-2022-23800 | An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. | Joomla\! | 6.1 | ||
| 2022-03-30 | CVE-2022-23801 | An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. | Joomla\! | 6.1 | ||
| 2022-08-31 | CVE-2022-27911 | An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes. | Joomla\! | 5.3 | ||
| 2022-10-25 | CVE-2022-27912 | An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. | Joomla\! | 5.3 | ||
| 2022-10-25 | CVE-2022-27913 | An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. | Joomla\! | 6.1 | ||
| 2022-11-08 | CVE-2022-27914 | An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | Joomla\! | 6.1 | ||
| 2023-02-01 | CVE-2023-23750 | An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | Joomla\! | 6.3 |