Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Joomla Subscribe
Filtered by product Joomla\!
Total 588 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8420 1 Joomla 1 Joomla\! 2024-02-28 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
CVE-2019-18650 1 Joomla 1 Joomla\! 2024-02-28 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
CVE-2019-19845 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
CVE-2011-4907 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
CVE-2011-1151 1 Joomla 1 Joomla\! 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
CVE-2011-4937 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM 7.5 HIGH
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
CVE-2019-16725 1 Joomla 1 Joomla\! 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
CVE-2019-18674 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
CVE-2011-4912 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.
CVE-2012-1562 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM 7.5 HIGH
Joomla! core before 2.5.3 allows unauthorized password change.
CVE-2012-1563 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM 7.5 HIGH
Joomla! before 2.5.3 allows Admin Account Creation.
CVE-2020-8421 1 Joomla 1 Joomla\! 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
CVE-2011-3629 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM 7.5 HIGH
Joomla! core 1.7.1 allows information disclosure due to weak encryption
CVE-2020-8419 1 Joomla 1 Joomla\! 2024-02-28 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
CVE-2011-3595 1 Joomla 1 Joomla\! 2024-02-28 3.5 LOW 5.4 MEDIUM
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
CVE-2019-19846 1 Joomla 1 Joomla\! 2024-02-28 7.5 HIGH 9.8 CRITICAL
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
CVE-2019-11358 11 Backdropcms, Debian, Drupal and 8 more 105 Backdrop, Debian Linux, Drupal and 102 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2019-9713 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.
CVE-2019-15028 1 Joomla 1 Joomla\! 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
CVE-2019-12766 1 Joomla 1 Joomla\! 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.