| CVE-2026-48901 |
high |
7.5 |
7.5 |
|
|
joomla |
9d ago |
The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. |
| CVE-2026-30894 |
medium |
6.1 |
6.1 |
|
|
joomla |
9d ago |
Lack of output escaping leads to a XSS vector in the content history component. |
| CVE-2026-48903 |
medium |
6.1 |
6.1 |
|
|
joomla |
9d ago |
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. |
| CVE-2026-48896 |
high |
7.5 |
7.5 |
|
|
joomla |
9d ago |
Insufficient state checks lead to a vector that allows to bypass 2FA checks. |
| CVE-2026-35220 |
medium |
4.3 |
4.3 |
|
|
joomla |
9d ago |
Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users. |
| CVE-2026-40384 |
high |
7.5 |
7.5 |
|
|
joomla |
9d ago |
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. |
| CVE-2026-48905 |
medium |
6.1 |
6.1 |
|
|
joomla |
9d ago |
Lack of input filtering leads to an XSS vector in the HTML filter code. |
| CVE-2026-48897 |
high |
7.5 |
7.5 |
|
|
joomla |
9d ago |
Insufficient state checks lead to a vector that allows to bypass 2FA checks. |
| CVE-2026-25901 |
medium |
6.1 |
6.1 |
|
|
joomla |
9d ago |
Lack of output escaping leads to a XSS vector in the multilingual associations component. |
| CVE-2026-48900 |
medium |
4.3 |
4.3 |
|
|
joomla |
9d ago |
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. |
| CVE-2026-25900 |
medium |
6.1 |
6.1 |
|
|
joomla |
9d ago |
Lack of output escaping leads to a XSS vector in the feed modules. |
| CVE-2026-30895 |
medium |
6.1 |
6.1 |
|
|
joomla |
9d ago |
Lack of output escaping leads to a XSS vector in the readmore links for com_content. |
| CVE-2017-16633 |
medium |
4.3 |
4.3 |
|
|
joomla |
9y ago |
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. |
| CVE-2017-14595 |
low |
3.7 |
3.7 |
|
|
joomla |
9y ago |
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. |
| CVE-2015-5608 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. |
| CVE-2017-11364 |
high |
8.8 |
8.8 |
|
|
joomla |
9y ago |
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate… |
| CVE-2017-11612 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. |
| CVE-2017-9934 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. |
| CVE-2017-9933 |
high |
7.5 |
7.5 |
|
|
joomla |
9y ago |
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. |
| CVE-2017-8057 |
medium |
5.3 |
5.3 |
|
|
joomla |
9y ago |
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. |
| CVE-2017-7989 |
medium |
6.5 |
6.5 |
|
|
joomla |
9y ago |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. |
| CVE-2017-7988 |
medium |
5.3 |
5.3 |
|
|
joomla |
9y ago |
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article. |
| CVE-2017-7987 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. |
| CVE-2017-7986 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. |
| CVE-2017-7985 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. |
| CVE-2017-7984 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. |
| CVE-2017-7983 |
medium |
5.3 |
5.3 |
|
|
joomla |
9y ago |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. |
| CVE-2016-9838 |
high |
7.5 |
8.5 |
EXP |
|
joomla |
10y ago |
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a us… |
| CVE-2016-9837 |
high |
7.5 |
7.5 |
|
|
joomla |
10y ago |
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view all… |
| CVE-2016-8870 |
high |
8.1 |
9.1 |
EXP |
|
joomla |
10y ago |
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create … |
| CVE-2015-8769 |
high |
7.3 |
7.3 |
|
|
joomla |
11y ago |
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-8566 |
high |
— |
8.5 |
EXP |
|
joomla |
11y ago |
Joomla! Framework Remote Code Injection Vulnerability |
| CVE-2015-8565 |
high |
— |
7.5 |
|
|
joomla |
11y ago |
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. |
| CVE-2015-8564 |
high |
— |
7.5 |
|
|
joomla |
11y ago |
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package ar… |
| CVE-2015-8563 |
medium |
— |
6.8 |
|
|
joomla |
11y ago |
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecifie… |
| CVE-2015-8562 |
high |
— |
8.5 |
EXP |
|
joomla |
11y ago |
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in Dece… |
| CVE-2015-7899 |
medium |
— |
5.0 |
|
|
joomla |
11y ago |
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2015-7859 |
medium |
— |
5.0 |
|
|
joomla |
11y ago |
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2015-7858 |
high |
— |
8.5 |
EXP |
|
joomla |
11y ago |
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. |
| CVE-2015-7857 |
high |
— |
8.5 |
EXP |
|
joomla |
11y ago |
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL… |
| CVE-2015-7297 |
high |
— |
8.5 |
EXP |
|
joomla |
11y ago |
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. |
| CVE-2015-6939 |
medium |
— |
4.3 |
|
|
joomla |
11y ago |
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-5397 |
medium |
— |
6.8 |
|
|
joomla |
11y ago |
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upl… |
| CVE-2015-4654 |
high |
— |
7.5 |
|
|
joomla |
11y ago |
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. |
| CVE-2014-7228 |
high |
— |
8.5 |
EXP |
|
joomla |
12y ago |
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for … |
| CVE-2012-2413 |
medium |
— |
4.3 |
|
|
joomla |
12y ago |
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/… |
| CVE-2014-7984 |
high |
— |
7.5 |
|
|
joomla |
12y ago |
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. |
| CVE-2014-7983 |
medium |
— |
4.3 |
|
|
joomla |
12y ago |
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-7982 |
medium |
— |
4.3 |
|
|
joomla |
12y ago |
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-7981 |
high |
— |
8.5 |
EXP |
|
joomla |
12y ago |
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-7229 |
medium |
— |
5.0 |
|
|
joomla |
12y ago |
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors. |
| CVE-2014-6632 |
high |
— |
7.5 |
|
|
joomla |
12y ago |
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. |
| CVE-2014-6631 |
medium |
— |
4.3 |
|
|
joomla |
12y ago |
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-5955 |
medium |
— |
4.3 |
|
|
purplebeaniejoomla |
12y ago |
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary p… |
| CVE-2013-5953 |
medium |
— |
4.3 |
|
|
codepeoplejoomla |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote at… |
| CVE-2013-5952 |
medium |
— |
4.3 |
|
|
codologicjoomla |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via t… |
| CVE-2014-0793 |
medium |
— |
5.3 |
EXP |
|
stackideasjoomla |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1… |
| CVE-2014-0794 |
medium |
— |
5.3 |
EXP |
|
joomla |
13y ago |
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.… |
| CVE-2013-5583 |
medium |
— |
4.3 |
|
|
joomla |
13y ago |
Joomla! Cross-site Scripting vulnerability |
| CVE-2013-5576 |
medium |
— |
7.8 |
EXP |
|
joomla |
13y ago |
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended … |
| CVE-2013-3719 |
medium |
— |
4.3 |
|
|
algisinfojoomla |
13y ago |
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3534 |
medium |
— |
4.3 |
|
|
algisinfojoomla |
13y ago |
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3267 |
medium |
— |
4.3 |
|
|
joomla |
13y ago |
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified… |
| CVE-2013-3242 |
medium |
— |
6.5 |
EXP |
|
joomla |
13y ago |
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated use… |
| CVE-2013-3059 |
medium |
— |
4.3 |
|
|
joomla |
13y ago |
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vect… |
| CVE-2013-3058 |
medium |
— |
4.3 |
|
|
joomla |
13y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3057 |
medium |
— |
4.0 |
|
|
joomla |
13y ago |
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. |
| CVE-2013-3056 |
medium |
— |
4.0 |
|
|
joomla |
13y ago |
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vecto… |
| CVE-2013-1455 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." |
| CVE-2013-1454 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors." |
| CVE-2013-1453 |
high |
— |
8.5 |
EXP |
|
joomla |
14y ago |
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary d… |
| CVE-2012-6514 |
medium |
— |
4.3 |
|
|
netshinesoftwarejoomla |
14y ago |
Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income act… |
| CVE-2012-1599 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate… |
| CVE-2012-1598 |
high |
— |
7.5 |
|
|
joomla |
14y ago |
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." |
| CVE-2010-5280 |
high |
— |
8.5 |
EXP |
|
joomla-cbejoomla |
14y ago |
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files… |
| CVE-2012-5827 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." |
| CVE-2012-4532 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web scrip… |
| CVE-2012-4531 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-5455 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a … |
| CVE-2011-4911 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. |
| CVE-2011-4910 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| CVE-2011-4909 |
medium |
— |
5.3 |
EXP |
|
joomla |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/vi… |
| CVE-2012-5232 |
medium |
— |
4.3 |
|
|
mediafirejoomla |
14y ago |
Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-5230 |
high |
— |
7.5 |
|
|
harmistechnologyjoomla |
14y ago |
Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. |
| CVE-2012-1117 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1116 |
high |
— |
8.5 |
EXP |
|
joomla |
14y ago |
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-5101 |
high |
— |
7.5 |
|
|
jextensionsjoomla |
14y ago |
SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1612 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1611 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a dup… |
| CVE-2012-0837 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." |
| CVE-2012-0836 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. |
| CVE-2012-0835 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." |
| CVE-2012-0822 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2012-0821 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819. |
| CVE-2012-0820 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than… |
| CVE-2012-0819 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. |
| CVE-2006-7247 |
high |
— |
8.5 |
EXP |
|
joomlamambo-foundation |
14y ago |
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
| CVE-2012-4868 |
high |
— |
7.5 |
|
|
kunenajoomla |
14y ago |
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2011-5148 |
medium |
— |
7.8 |
EXP |
|
wasenjoomla |
14y ago |
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file… |
| CVE-2011-5134 |
medium |
— |
6.0 |
|
|
widgetfactorylimitedjoomla |
14y ago |
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arb… |
