joomla

547 tracked vulnerabilities.

CVE-2022-23797 CRITICAL
Joomla! 3.0.0-3.10.6 - SQL Injection via Inadequate Filtering on Selected IDs
Mar 30, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-23796 MEDIUM
Joomla! 3.7.0-3.10.6 - Cross-Site Scripting via com_fields Input
Mar 30, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23795 CRITICAL
Joomla! 2.5.0-3.10.6 and 4.0.0-4.1.0 - Improper Authentication
Mar 30, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-23794 MEDIUM
Joomla! 3.0.0-3.10.6 and 4.0.0-4.1.0 - Path Disclosure via Excessive Filename Length
Mar 30, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23793 HIGH
Joomla! 3.0.0-3.10.6 and 4.0.0-4.1.0 - Path Traversal via Tar Package Extraction
Mar 30, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-26040 CRITICAL
Joomla! 4.0.0 - Incorrect Authorization for Media File Deletion
Aug 24, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-26039 MEDIUM
Joomla! 3.0.0-3.9.27 - Cross-Site Scripting in com_media imagelist View
Jul 07, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-26038 HIGH
Joomla! 2.5.0-3.9.27 - Privilege Escalation via com_installer Install Action
Jul 07, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-26037 MEDIUM
Joomla! 2.5.0-3.9.27 - Insufficient Session Expiration
Jul 07, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-26036 HIGH
Joomla! 2.5.0-3.9.27 - Denial of Service via Usergroup Table Manipulation
Jul 07, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-26035 MEDIUM
Joomla! 3.0.0-3.9.27 - Cross-Site Scripting in JForm Rules Field
Jul 07, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-26034 MEDIUM
Joomla! 3.0.0-3.9.26 - Cross-Site Request Forgery in Data Download Endpoints
May 26, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-26033 MEDIUM
Joomla! 3.0.0-3.9.26 - Cross-Site Request Forgery via AJAX Reordering Endpoint
May 26, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-26032 MEDIUM
Joomla! 3.0.0-3.9.26 - Cross-Site Scripting via MediaHelper::canUpload
May 26, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-26031 MEDIUM
Joomla! <3.9.25 - Local File Inclusion
Apr 14, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-26030 MEDIUM
Joomla! 3.0.0-3.9.25 - Cross-Site Scripting via Logo Parameter on Error Page
Apr 14, 2021
CVSS 6.1
EPSS 0.82
CVE-2021-26029 MEDIUM
Joomla! 1.6.0-3.9.24 - Unauthenticated Author Field Overwrite via Inadequate Form Filtering
Mar 04, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-26028 MEDIUM
Joomla! 3.0.0-3.9.24 - Path Traversal and Arbitrary File Write via Archive Zip Extraction
Mar 04, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-26027 MEDIUM
Joomla! 3.0.0-3.9.24 - Incorrect Authorization in Article Category Change
Mar 04, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-23132 HIGH
Joomla! 3.0.0-3.9.24 - Unauthenticated Arbitrary File Upload via com_media
Mar 04, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-23131 HIGH
Joomla! 3.2.0-3.9.24 - Improper Input Validation in Template Manager
Mar 04, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23130 MEDIUM
Joomla! 2.5.0-3.9.24 - Cross-Site Scripting in Feed Parser Library
Mar 04, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-23129 MEDIUM
Joomla! 2.5.0-3.9.24 - Stored Cross-Site Scripting in Alert Messages
Mar 04, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-23128 CRITICAL
Joomla! 3.2.0-3.9.24 - Insecure Random Value Generation in FOFEncryptRandval
Mar 04, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-23127 CRITICAL
Joomla! 3.2.0-3.9.24 - Insecure Randomness in 2FA Secret Generation
Mar 04, 2021
CVSS 9.1
EPSS 0.02