Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Joomla\!
(Joomla)| Repositories | https://github.com/joomla/joomla-cms |
| #Vulnerabilities | 259 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-05-22 | CVE-2018-11328 | An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. | Joomla\! | 4.7 | ||
| 2018-05-22 | CVE-2018-11327 | An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. | Joomla\! | 4.3 | ||
| 2018-05-22 | CVE-2018-11326 | An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack. | Joomla\! | 4.8 | ||
| 2018-05-22 | CVE-2018-11325 | An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. | Joomla\! | 9.8 | ||
| 2018-05-22 | CVE-2018-11324 | An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. | Joomla\! | 5.9 | ||
| 2018-05-22 | CVE-2018-11323 | An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. | Joomla\! | 8.8 | ||
| 2018-05-22 | CVE-2018-11322 | An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. | Joomla\! | 7.5 | ||
| 2018-05-22 | CVE-2018-11321 | An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. | Joomla\! | 6.5 | ||
| 2017-07-17 | CVE-2017-9934 | Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. | Joomla\! | 6.1 | ||
| 2017-07-17 | CVE-2017-9933 | Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | Joomla\! | 7.5 |