Filters
Joomla Joomla\![20240701] - Core - XSS in accessible media selection field
6.1
First published (updated )
Joomla Joomla\![20240702] - Core - Self-XSS in fancyselect list field layout
5.4
First published (updated )
Joomla Joomla\![20240704] - Core - XSS in Wrapper extensions
6.1
First published (updated )
Joomla Joomla\![20240705] - Core - XSS in com_fields default field value
6.1
First published (updated )
Joomla Joomla\![20240703] - Core - XSS in StringHelper::truncate method
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Joomla Joomla\![20231101] - Core - Exposure of environment variables
7.5
First published (updated )
Joomla Joomla\![20230501] - Core - Open Redirect and XSS within the mfa select
6.1
First published (updated )
Joomla Joomla\![20230502] - Core - Bruteforce prevention within the mfa screen
7.5
First published (updated )
Joomla Joomla\![20230201] - Core - Improper access check in webservice endpoints
First published (updated )
Joomla Joomla\![20230102] - Core - Missing ACL checks for com_actionlogs
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Joomla Joomla\![20230101] - Core - CSRF within post-installation messages
6.3
First published (updated )
Joomla Joomla\![20221101] - Core - RXSS through reflection of user input in com_media
6.1
First published (updated )
Joomla Joomla\![20221002] - Core - RXSS through reflection of user input in headings
6.1
First published (updated )
Joomla Joomla\![20221001] - Core - Debug Mode leaks full request payloads including passwords
5.3
First published (updated )
Joomla Joomla\![20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check'
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Joomla Joomla\![20220309] - Core - XSS attack vector through SVG
6.1
First published (updated )
Joomla Joomla\![20220306] - Core - Inadequate validation of internal URLs
6.1
First published (updated )
Joomla Joomla\![20220304] - Core - Missing input validation within com_fields class inputs
6.1
First published (updated )
Joomla Joomla\![20220303] - Core - User row are not bound to a authentication mechanism
9.8
First published (updated )
composer/joomla/filter[20220308] - Core - Inadequate content filtering within the filter code
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/joomla/filesystem[20220302] - Core - Path Disclosure within filesystem error messages
5.3
First published (updated )
composer/joomla/input[20220307] - Core - Variable Tampering on JInput $_REQUEST data
9.8
First published (updated )
composer/joomla/archive[20220301] - Core - Zip Slip within the Tar extractor
7.5
First published (updated )
Joomla Joomla\![20220305] - Core - Inadequate filtering on the selected Ids
9.8
First published (updated )
Joomla Joomla\![20210801] - Core - Insufficient access control for com_media deletion endpoint
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Joomla Joomla\![20210705] - Core - XSS in com_media imagelist
6.1
First published (updated )
Joomla Joomla\![20210704] - Core - Privilege escalation through com_installer
7.5
First published (updated )
Joomla Joomla\![20210703] - Core - Lack of enforced session termination
5.3
First published (updated )
Joomla Joomla\![20210702] - Core - DoS through usergroup table manipulation
7.5
First published (updated )
Joomla Joomla\![20210701] - Core - XSS in JForm Rules field
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Joomla Joomla\!Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hi…
7.5
First published (updated )
Joomla Joomla\![20210503] - Core - CSRF in data download endpoints
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Joomla Joomla\![20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload
6.1
First published (updated )
Joomla Joomla\![20210502] - Core - CSRF in AJAX reordering endpoint
6.5
First published (updated )
Joomla Joomla\![20210402] - Core - Inadequate filters on module layout settings
5.3
First published (updated )
Joomla Joomla\![20210401] - Core - Escape xss in logo parameter error pages
6.1
First published (updated )
composer/joomla/archive[20210308] - Core - Path Traversal within joomla/archive zip class
5.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Joomla Joomla\![20210307] - Core - ACL violation within com_content frontend editing
5.3
First published (updated )
Joomla Joomla\![20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field
5.3
First published (updated )
Joomla Joomla\![20210302] - Core - Potential Insecure FOFEncryptRandval
9.1
First published (updated )
Joomla Joomla\![20210305] - Core - Input validation within the template manager
7.5
First published (updated )
Joomla Joomla\![20210306] - Core - com_media allowed paths that are not intended for image uploads
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Joomla Joomla\![20210303] - Core - XSS within alert messages showed to users
6.1
First published (updated )
Joomla Joomla\![20210304] - Core - XSS within the feed parser library
6.1
First published (updated )
Joomla Joomla\![20210301] - Core - Insecure randomness within 2FA secret generation
5.3
First published (updated )
Joomla Joomla\![20210301] - Core - Insecure randomness within 2FA secret generation
9.1
First published (updated )
Joomla Joomla\![20210102] - Core - XSS in mod_breadcrumbs aria-label attribute
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.