Total
585 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9838 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task. | |||||
| CVE-2017-7985 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | |||||
| CVE-2017-7984 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. | |||||
| CVE-2016-8870 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | |||||
| CVE-2016-8869 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. | |||||