joomla

547 tracked vulnerabilities.

CVE-2024-27184 MEDIUM
Joomla 3.4.6-3.10.17 and 4.0-4.4.7 - Open Redirect
Aug 20, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-26279 MEDIUM
Joomla! 3.0.0-3.10.15 - Cross-Site Scripting in Wrapper Extensions
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-26278 MEDIUM
Joomla! 3.7.0-3.10.15 - Stored Cross-Site Scripting in Custom Fields Default Value
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-21731 MEDIUM
Joomla! 3.0.0-3.10.14 - Cross-Site Scripting in StringHelper::truncate Method
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-21730 MEDIUM
Joomla! 4.0.0-4.4.5 - Self Cross-Site Scripting in Fancyselect List Field Layout
Jul 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-21729 MEDIUM
Joomla! 4.0.0-4.4.5 - Cross-Site Scripting in Accessible Media Selection Field
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-21726 MEDIUM
Joomla! 3.7.0-3.10.14 - Cross-Site Scripting via Inadequate Content Filtering
Feb 29, 2024
CVSS 6.5
EPSS 0.49
CVE-2024-21725 MEDIUM
Joomla! 4.0.0-4.4.2 - Cross-Site Scripting in Mail Address Outputs
Feb 29, 2024
CVSS 6.1
EPSS 0.32
CVE-2024-21724 MEDIUM
Joomla! 1.6.0-3.10.14 - Cross-Site Scripting in Media Selection Fields
Feb 29, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-21723 MEDIUM
Joomla! 1.5.0-3.10.14 - Open Redirect via URL Parsing
Feb 29, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-21722 MEDIUM
Joomla! 3.2.0-3.10.14 - Insufficient Session Expiration in MFA Management
Feb 29, 2024
CVSS 6.3
EPSS 0.01
CVE-2023-40626 HIGH
Language File Parsing - Info Disclosure
Nov 29, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-23755 HIGH
Joomla! 4.2.0-4.3.1 - Unauthenticated Brute Force Attack via MFA Screen
May 30, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-23754 MEDIUM
Joomla! 4.2.0-4.3.1 - Open Redirect and Cross-Site Scripting in MFA Selection Screen
May 30, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-23752 MEDIUM KEVNUCLEI
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
Feb 16, 2023
CVSS 5.3
EPSS 1.00
CVE-2023-23751 MEDIUM
Joomla! 4.0.0-4.2.4 - Incorrect Authorization in com_actionlogs
Feb 01, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-23750 MEDIUM
Joomla! 4.0.0-4.2.6 - Cross-Site Request Forgery in Post-Installation Messages
Feb 01, 2023
CVSS 6.3
EPSS 0.00
CVE-2022-27914 MEDIUM
Joomla! 4.0.0-4.2.4 - Reflected Cross-Site Scripting in com_media
Nov 08, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-27913 MEDIUM
Joomla! 4.2.0-4.2.3 - Reflected Cross-Site Scripting in Various Components
Oct 25, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-27912 MEDIUM
Joomla! 4.0.0-4.2.3 - Unauthorized Sensitive Information Exposure in Debug Mode
Oct 25, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-27911 MEDIUM
Joomla! 4.2.0 - Full Path Disclosure via Missing _JEXEC Check
Aug 31, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23801 MEDIUM
Joomla! 4.0.0-4.1.0 - Cross-Site Scripting via SVG Embedding in com_media
Mar 30, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23800 MEDIUM
Joomla! 4.0.0-4.1.0 - Cross-Site Scripting via Inadequate Content Filtering
Mar 30, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23799 CRITICAL
Joomla! 4.0.0-4.1.0 - Variable Tampering via JInput Request Data Pollution
Mar 30, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-23798 MEDIUM
Joomla! 2.5.0-3.10.6 & 4.0.0-4.1.0 - Open Redirect via URL Validation Bypass
Mar 30, 2022
CVSS 6.1
EPSS 0.01