Total: 585 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21731 | 1 Joomla | 1 Joomla\! | 2024-08-16 | N/A | 6.1 MEDIUM |
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. | |||||
CVE-2024-21729 | 1 Joomla | 1 Joomla\! | 2024-08-16 | N/A | 6.1 MEDIUM |
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | |||||
CVE-2024-21730 | 1 Joomla | 1 Joomla\! | 2024-08-16 | N/A | 5.4 MEDIUM |
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. | |||||
CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2024-08-14 | N/A | 5.3 MEDIUM |
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | |||||
CVE-2024-26279 | 1 Joomla | 1 Joomla\! | 2024-07-19 | N/A | 6.1 MEDIUM |
The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | |||||
CVE-2024-26278 | 1 Joomla | 1 Joomla\! | 2024-07-19 | N/A | 6.1 MEDIUM |
The Custom Fields component does not correctly filter inputs, leading to an XSS vector. | |||||
CVE-2019-11358 | 11 Backdropcms, Debian, Drupal and 8 more | 105 Backdrop, Debian Linux, Drupal and 102 more | 2024-02-16 | 4.3 MEDIUM | 6.1 MEDIUM |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | |||||
CVE-2016-10033 | 3 Joomla, Phpmailer Project, Wordpress | 3 Joomla\!, Phpmailer, Wordpress | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | |||||
CVE-2009-4094 | 2 Designforjoomla, Joomla | 2 Com Ezine, Joomla\! | 2024-02-14 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter. | |||||
CVE-2010-4516 | 2 Joomla, Jxtended | 2 Joomla\!, Jxtended Comments | 2024-02-14 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-2909 | 2 Joomla, Toughtomato | 2 Joomla\!, Com Ttvideo | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php. | |||||
CVE-2010-0946 | 2 Joomla, Kiss-software | 2 Joomla\!, Com Ksadvertiser | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. | |||||
CVE-2006-1957 | 2 Joomla, Mambo-foundation | 2 Joomla\!, Mambo | 2024-02-14 | 5.0 MEDIUM | N/A |
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. | |||||
CVE-2006-5043 | 2 Joomla, Joomlaboard | 2 Joomla\!, Joomlaboard | 2024-02-14 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528. | |||||
CVE-2010-1873 | 2 Joomla, Jvehicles | 2 Joomla\!, Com Jvehicles | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2023-40626 | 1 Joomla | 1 Joomla\! | 2024-02-05 | N/A | 7.5 HIGH |
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. | |||||
CVE-2023-23755 | 1 Joomla | 1 Joomla\! | 2024-02-04 | N/A | 7.5 HIGH |
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. | |||||
CVE-2023-23754 | 1 Joomla | 1 Joomla\! | 2024-02-04 | N/A | 6.1 MEDIUM |
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new MFA selection screen. | |||||
CVE-2022-27912 | 1 Joomla | 1 Joomla\! | 2024-02-04 | N/A | 5.3 MEDIUM |
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. | |||||
CVE-2022-27914 | 1 Joomla | 1 Joomla\! | 2024-02-04 | N/A | 6.1 MEDIUM |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. |