joomla

515 tracked vulnerabilities.

CVE-2018-11321 MEDIUM
Joomla! < 3.8.8 - Authenticated Remote Code Execution via Custom Field Filter Manipulation
May 22, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-8045 HIGH
Joomla! 3.5.0-3.8.5 - SQL Injection in User Notes List View
Mar 15, 2018
CVSS 8.8
EPSS 0.21
CVE-2018-6380 MEDIUM
Joomla! < 3.8.4 - Cross-Site Scripting in Module Chromes
Jan 30, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-6379 MEDIUM
Joomla! < 3.8.4 - Cross-Site Scripting via Uri Class Input Filtering
Jan 30, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-6377 MEDIUM
Joomla! < 3.8.4 - Cross-Site Scripting in com_fields List Radio and Checkbox Types
Jan 30, 2018
CVSS 6.1
EPSS 0.07
CVE-2018-6376 CRITICAL
Joomla! < 3.8.4 - SQL Injection in Hathor Postinstall Message
Jan 30, 2018
CVSS 9.8
EPSS 0.02
CVE-2017-16634 CRITICAL
Joomla! 3.2.0-3.8.1 - 2-Factor Authentication Bypass
Nov 10, 2017
CVSS 9.8
EPSS 0.00
CVE-2017-16633 MEDIUM
Joomla! 3.7.0-3.8.1 - Unauthorized Information Disclosure in com_fields
Nov 10, 2017
CVSS 4.3
EPSS 0.00
CVE-2017-14596 CRITICAL
Joomla! - LDAP Injection via Authentication Plugin
Sep 20, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-14595 LOW
Joomla! - Information Disclosure via Archived Article SQL Query
Sep 20, 2017
CVSS 3.7
EPSS 0.00
CVE-2017-11364 HIGH
Joomla! - Authenticated Application Takeover via Certificate Transparency Log Abuse
Aug 02, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-11612 MEDIUM
Joomla! - Cross-Site Scripting via Inadequate HTML Tag Filtering
Jul 26, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-9934 MEDIUM
Joomla! 1.7.3-3.7.2 - Cross-Site Scripting via Missing CSRF Token Checks
Jul 17, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-9933 HIGH
Joomla! 1.7.3-3.7.2 - Unauthorized Information Exposure via Cache Invalidation
Jul 17, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-8917 CRITICAL NUCLEI
Joomla! 3.7.x - SQL Injection
May 17, 2017
CVSS 9.8
EPSS 0.95
CVE-2017-8057 MEDIUM
Joomla! 3.4.0-3.6.5 - Unauthenticated Sensitive Information Exposure via Error Reporting
Apr 25, 2017
CVSS 5.3
EPSS 0.00
CVE-2017-7989 MEDIUM
Joomla! 3.2.0-3.6.5 - Unrestricted Upload of Dangerous File Type via Inadequate MIME Check
Apr 25, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-7988 MEDIUM
Joomla! 1.6.0-3.6.5 - ACL Violation via Article Author Overwrite
Apr 25, 2017
CVSS 5.3
EPSS 0.00
CVE-2017-7987 MEDIUM
Joomla! 3.2.0-3.6.5 - Cross-Site Scripting in Template Manager Component
Apr 25, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-7986 MEDIUM
Joomla! 1.5.0-3.6.5 - Cross-Site Scripting via Inadequate HTML Attribute Filtering
Apr 25, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-7985 MEDIUM
Joomla! 1.5.0-3.6.5 - Cross-Site Scripting via Multibyte Character Filter Bypass
Apr 25, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-7984 MEDIUM
Joomla! 3.2.0-3.6.5 - Stored Cross-Site Scripting in Template Manager
Apr 25, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-7983 MEDIUM
Joomla! 1.5.0-3.6.5 - Information Disclosure via JMail API
Apr 25, 2017
CVSS 5.3
EPSS 0.00
CVE-2016-9081 CRITICAL
Joomla! < 3.6.3 - Privilege Escalation
Jan 23, 2017
CVSS 9.8
EPSS 0.00
CVE-2016-10045 CRITICAL
PHPMailer < 5.2.20 - Remote Code Execution via Sendmail Argument Injection
Dec 30, 2016
CVSS 9.8
EPSS 0.93