Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Joomla\!
(Joomla)| Repositories | https://github.com/joomla/joomla-cms |
| #Vulnerabilities | 259 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-04 | CVE-2021-26029 | An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field. | Joomla\! | 5.3 | ||
| 2021-04-14 | CVE-2021-26030 | An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page | Joomla\! | 6.1 | ||
| 2021-04-14 | CVE-2021-26031 | An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI. | Joomla\! | 5.3 | ||
| 2021-05-26 | CVE-2021-26032 | An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. | Joomla\! | 6.1 | ||
| 2021-05-26 | CVE-2021-26033 | An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint. | Joomla\! | 6.5 | ||
| 2021-05-26 | CVE-2021-26034 | An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. | Joomla\! | 6.5 | ||
| 2021-07-07 | CVE-2021-26035 | An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability. | Joomla\! | 6.1 | ||
| 2021-07-07 | CVE-2021-26036 | An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. | Joomla\! | 7.5 | ||
| 2021-07-07 | CVE-2021-26037 | An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked. | Joomla\! | 5.3 | ||
| 2021-07-07 | CVE-2021-26038 | An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already. | Joomla\! | 7.5 |