Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Joomla\!
(Joomla)| Repositories | https://github.com/joomla/joomla-cms |
| #Vulnerabilities | 259 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-02-12 | CVE-2019-7739 | An issue was discovered in Joomla! before 3.9.3. The "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this. | Joomla\! | 6.1 | ||
| 2019-01-16 | CVE-2019-6264 | An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. | Joomla\! | 6.1 | ||
| 2019-01-16 | CVE-2019-6263 | An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. | Joomla\! | 4.8 | ||
| 2019-01-16 | CVE-2019-6262 | An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. | Joomla\! | 5.4 | ||
| 2019-01-16 | CVE-2019-6261 | An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. | Joomla\! | 6.1 | ||
| 2019-04-10 | CVE-2019-10946 | An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users. | Joomla\! | 7.5 | ||
| 2019-04-10 | CVE-2019-10945 | An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. | Joomla\! | 9.8 | ||
| 2018-03-15 | CVE-2018-8045 | In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. | Joomla\! | 8.8 | ||
| 2018-01-30 | CVE-2018-6380 | In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. | Joomla\! | 6.1 | ||
| 2018-01-30 | CVE-2018-6379 | In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. | Joomla\! | 6.1 |