Note:
This project will be discontinued after December 13, 2021.
Product: Joomla! (Joomla)
Repositories: https://github.com/joomla/joomla-cms
#Vulnerabilities: 259

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-05-22 | CVE-2018-6378 | In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. | Joomla! | 6.1 | | |
2018-01-30 | CVE-2018-6377 | In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox. | Joomla! | 6.1 | | |
2018-01-30 | CVE-2018-6376 | In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | Joomla! | 9.8 | | |
2018-10-09 | CVE-2018-17859 | An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. | Joomla! | 4.3 | | |
2018-10-09 | CVE-2018-17858 | An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. | Joomla! | 8.8 | | |
2018-10-09 | CVE-2018-17857 | An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation. | Joomla! | 4.3 | | |
2018-08-29 | CVE-2018-15882 | An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. | Joomla! | 9.8 | | |
2018-08-29 | CVE-2018-15881 | An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. | Joomla! | 7.5 | | |
2018-08-29 | CVE-2018-15880 | An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack. | Joomla! | 5.4 | | |
2018-06-26 | CVE-2018-12712 | An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. | Joomla! | 8.8 | | |