Total
580 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17856 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution. | |||||
CVE-2019-7743 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files. | |||||
CVE-2019-7742 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | |||||
CVE-2018-17857 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation. | |||||
CVE-2018-15881 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. | |||||
CVE-2018-15882 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. | |||||
CVE-2019-7741 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | |||||
CVE-2019-6263 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. | |||||
CVE-2019-7744 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | |||||
CVE-2018-6379 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. | |||||
CVE-2018-6376 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | |||||
CVE-2018-11326 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack. | |||||
CVE-2018-6380 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. | |||||
CVE-2018-12712 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. | |||||
CVE-2018-8045 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. | |||||
CVE-2018-11323 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. | |||||
CVE-2018-6377 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox | |||||
CVE-2018-11327 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission. | |||||
CVE-2018-11324 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. | |||||
CVE-2018-11328 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 2.6 LOW | 4.7 MEDIUM |
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. |