Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla\!
Subscriptions
Total
589 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8419 | 1 Joomla | 1 Joomla\! | 2024-08-04 | 8.8 High |
| An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. | ||||
| CVE-2020-8421 | 1 Joomla | 1 Joomla\! | 2024-08-04 | 6.1 Medium |
| An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs. | ||||
| CVE-2023-40626 | 1 Joomla | 1 Joomla\! | 2024-08-04 | 7.5 High |
| The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. | ||||
| CVE-2023-23755 | 1 Joomla | 1 Joomla\! | 2024-08-04 | 7.5 High |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. | ||||
| CVE-2023-23754 | 1 Joomla | 1 Joomla\! | 2024-08-04 | 6.1 Medium |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. | ||||
| CVE-2023-23750 | 1 Joomla | 1 Joomla\! | 2024-08-04 | 6.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | ||||
| CVE-2023-23751 | 1 Joomla | 1 Joomla\! | 2024-08-04 | 4.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | ||||
| CVE-2024-26279 | 1 Joomla | 1 Joomla\! | 2024-08-02 | 6.1 Medium |
| The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | ||||
| CVE-2024-26278 | 1 Joomla | 1 Joomla\! | 2024-08-02 | 6.1 Medium |
| The Custom Fields component not correctly filter inputs, leading to a XSS vector. | ||||