Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7988 | 1 Joomla | 1 Joomla\! | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article. | |||||
| CVE-2018-11325 | 1 Joomla | 1 Joomla\! | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. | |||||
| CVE-2017-14595 | 1 Joomla | 1 Joomla\! | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. | |||||
| CVE-2018-17859 | 1 Joomla | 1 Joomla\! | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. | |||||
| CVE-2019-16725 | 1 Joomla | 1 Joomla\! | 2019-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. | |||||
| CVE-2019-11809 | 1 Joomla | 1 Joomla\! | 2019-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. | |||||
| CVE-2019-10945 | 1 Joomla | 1 Joomla\! | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. | |||||
| CVE-2017-8917 | 1 Joomla | 1 Joomla\! | 2019-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2017-7985 | 1 Joomla | 1 Joomla\! | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | |||||
| CVE-2019-9711 | 1 Joomla | 1 Joomla\! | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. | |||||
| CVE-2019-9712 | 1 Joomla | 1 Joomla\! | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. | |||||
| CVE-2019-9714 | 1 Joomla | 1 Joomla\! | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. | |||||
| CVE-2019-6263 | 1 Joomla | 1 Joomla\! | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. | |||||
| CVE-2019-6261 | 1 Joomla | 1 Joomla\! | 2019-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. | |||||
| CVE-2019-6262 | 1 Joomla | 1 Joomla\! | 2019-02-26 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. | |||||
| CVE-2019-6264 | 1 Joomla | 1 Joomla\! | 2019-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. | |||||
| CVE-2019-7742 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | |||||
| CVE-2019-7740 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | |||||
| CVE-2019-7741 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | |||||
| CVE-2019-7744 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | |||||