Joomla Cms Vulnerabilities

Arbitrary File Extension Vulnerability in Joomla Media Manager

CVE-2025-22213

JoomlaJoomla! Cms7.1HIGH

SQL Injection Vulnerability in Joomla's Scheduled Tasks Component

CVE-2025-22207

JoomlaJoomla! Cms6.7MEDIUM

Cache Poisoning Vulnerability in Pagination

CVE-2024-27185

JoomlaJoomla! Cms9.1CRITICAL

XSS Vulnerabilities in Mail Template Feature of Unspecified Extensions

CVE-2024-27186

JoomlaJoomla! Cms

Invalid URL Validation Could Lead to Security Vulnerabilities

CVE-2024-27184

JoomlaJoomla! Cms

XSS Vulnerabilities in Image Processing Methods

CVE-2024-40743

JoomlaJoomla! Cms

Backend Username Overwrite Vulnerability Discovered

CVE-2024-27187

JoomlaJoomla! Cms

AccessiMedia Field Vulnerable to XSS Attacks Due to Inadequate Input Validation

CVE-2024-21729

JoomlaJoomla! Cms6.1MEDIUM

FancySelect List Field Layout Vulnerable to Self-XSS Attacks

CVE-2024-21730

JoomlaJoomla! Cms5.4MEDIUM

Inadequate Content Filtering Leads to XSS Vulnerabilities

CVE-2024-26279

JoomlaJoomla! Cms6.1MEDIUM

Filter Flaw Exposes Custom Fields to Cross-Site Scripting Attacks

CVE-2024-26278

JoomlaJoomla! Cms6.1MEDIUM

XSS Vector in StringHelper::truncate

CVE-2024-21731

JoomlaJoomla! Cms6.1MEDIUM

MFA management system vulnerability: Sessions not properly terminated

CVE-2024-21722

JoomlaJoomla! Cms

XSS Vulnerabilities in Media Selection Fields

CVE-2024-21724

JoomlaJoomla! Cms6.1MEDIUM

Inadequate Escaping of Mail Addresses Leads to XSS Vulnerabilities

CVE-2024-21725

JoomlaJoomla! Cms

Inadequate Content Filtering Leads to XSS Vulnerabilities

CVE-2024-21726

JoomlaJoomla! Cms📈📰

Inadequate URL Parsing Could Lead to Open Redirect Vulnerabilities

CVE-2024-21723

JoomlaJoomla! Cms

[20231101] - Core - Exposure of environment variables

CVE-2023-40626

JoomlaJoomla! Cms👾🟡7.5HIGH

[20230501] - Core - Open Redirect and XSS within the mfa select

CVE-2023-23754

JoomlaJoomla! Cms6.1MEDIUM

[20230502] - Core - Bruteforce prevention within the mfa screen

CVE-2023-23755

JoomlaJoomla! Cms7.5HIGH

Unauthorized Access to Webservice Endpoints in Joomla 4.0.0 through 4.2.7

CVE-2023-23752

JoomlaJoomla! Cms👾🟡EPSS 94%🦅📰5.3MEDIUM

[20230102] - Core - Missing ACL checks for com_actionlogs

CVE-2023-23751

JoomlaJoomla! Cms4.3MEDIUM

[20230101] - Core - CSRF within post-installation messages

CVE-2023-23750

JoomlaJoomla! Cms6.3MEDIUM

[20221101] - Core - RXSS through reflection of user input in com_media

CVE-2022-27914

JoomlaJoomla! Cms6.1MEDIUM

[20221001] - Core - Debug Mode leaks full request payloads including passwords

CVE-2022-27912

JoomlaJoomla! Cms5.3MEDIUM

Joomla Cms Vulnerabilities

Vulnerability Published:

Sort By:

11 March 2025

Arbitrary File Extension Vulnerability in Joomla Media Manager

18 February 2025

SQL Injection Vulnerability in Joomla's Scheduled Tasks Component

20 August 2024

Cache Poisoning Vulnerability in Pagination

XSS Vulnerabilities in Mail Template Feature of Unspecified Extensions

Invalid URL Validation Could Lead to Security Vulnerabilities

XSS Vulnerabilities in Image Processing Methods

Backend Username Overwrite Vulnerability Discovered

9 July 2024

AccessiMedia Field Vulnerable to XSS Attacks Due to Inadequate Input Validation

FancySelect List Field Layout Vulnerable to Self-XSS Attacks

Inadequate Content Filtering Leads to XSS Vulnerabilities

Filter Flaw Exposes Custom Fields to Cross-Site Scripting Attacks

XSS Vector in StringHelper::truncate

29 February 2024

MFA management system vulnerability: Sessions not properly terminated

XSS Vulnerabilities in Media Selection Fields

Inadequate Escaping of Mail Addresses Leads to XSS Vulnerabilities

Inadequate Content Filtering Leads to XSS Vulnerabilities

Inadequate URL Parsing Could Lead to Open Redirect Vulnerabilities

29 November 2023

[20231101] - Core - Exposure of environment variables

30 May 2023

[20230501] - Core - Open Redirect and XSS within the mfa select

[20230502] - Core - Bruteforce prevention within the mfa screen

16 February 2023

Unauthorized Access to Webservice Endpoints in Joomla 4.0.0 through 4.2.7

1 February 2023

[20230102] - Core - Missing ACL checks for com_actionlogs

[20230101] - Core - CSRF within post-installation messages

8 November 2022

[20221101] - Core - RXSS through reflection of user input in com_media

25 October 2022

[20221001] - Core - Debug Mode leaks full request payloads including passwords