Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Joomla\!
(Joomla)| Repositories | https://github.com/joomla/joomla-cms |
| #Vulnerabilities | 259 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-07 | CVE-2021-26035 | An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability. | Joomla\! | 6.1 | ||
| 2021-07-07 | CVE-2021-26036 | An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. | Joomla\! | 7.5 | ||
| 2021-07-07 | CVE-2021-26037 | An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked. | Joomla\! | 5.3 | ||
| 2021-07-07 | CVE-2021-26038 | An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already. | Joomla\! | 7.5 | ||
| 2021-07-07 | CVE-2021-26039 | An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability. | Joomla\! | 6.1 | ||
| 2021-08-24 | CVE-2021-26040 | An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command. | Joomla\! | 9.1 | ||
| 2022-03-30 | CVE-2022-23793 | An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path. | Joomla\! | 7.5 | ||
| 2022-03-30 | CVE-2022-23794 | An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. | Joomla\! | 5.3 | ||
| 2022-03-30 | CVE-2022-23795 | An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. | Joomla\! | 9.8 | ||
| 2022-03-30 | CVE-2022-23796 | An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. | Joomla\! | 6.1 |