Filtered by vendor Joomla Subscriptions
Total 921 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-35610 1 Joomla 1 Joomla\! 2024-09-17 7.5 High
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
CVE-2013-3719 2 Algisinfo, Joomla 2 Aicontactsafe, Joomla\! 2024-09-17 N/A
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0821 1 Joomla 1 Joomla\! 2024-09-17 N/A
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.
CVE-2021-23128 1 Joomla 1 Joomla\! 2024-09-17 9.1 Critical
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.
CVE-2010-0760 2 Greatjoomla, Joomla 2 Scriptegrator Plugin, Joomla\! 2024-09-17 N/A
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2021-26034 1 Joomla 1 Joomla\! 2024-09-17 6.5 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
CVE-2010-5022 2 Harmistechnology, Joomla 2 Com Jesubmit, Joomla\! 2024-09-17 N/A
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
CVE-2006-1047 1 Joomla 1 Joomla 2024-09-17 N/A
Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors.
CVE-2011-4829 2 Barter-sites, Joomla 2 Com Listing, Joomla\! 2024-09-17 N/A
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
CVE-2021-26031 1 Joomla 1 Joomla\! 2024-09-17 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
CVE-2010-1559 2 Joomla, Martin Hess 2 Joomla\!, Com Sermonspeaker 2024-09-17 N/A
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2013-3056 1 Joomla 1 Joomla\! 2024-09-17 N/A
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
CVE-2010-2033 2 Joomla, Percha 2 Joomla\!, Com Perchacategoriestree 2024-09-17 N/A
Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2006-7009 1 Joomla 1 Joomla 2024-09-17 N/A
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
CVE-2021-26027 1 Joomla 1 Joomla\! 2024-09-17 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
CVE-2021-23131 1 Joomla 1 Joomla\! 2024-09-17 7.5 High
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
CVE-2012-0835 1 Joomla 1 Joomla\! 2024-09-17 N/A
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."
CVE-2006-5042 1 Joomla 2 Com Mosmedia, Mosmedia 2024-09-17 N/A
Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors.
CVE-2014-7983 1 Joomla 1 Joomla\! 2024-09-17 N/A
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1950 2 Emultisoft, Joomla 2 Com Jnewspaper, Joomla\! 2024-09-17 N/A
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.