Joomla Latest Vulnerabilities

August 20

Cache Poisoning Vulnerability in Pagination

CVE-2024-27185
Joomla | Joomla! Cms

XSS Vulnerabilities in Mail Template Feature of Unspecified Extensions

CVE-2024-27186
Joomla | Joomla! Cms

Invalid URL Validation Could Lead to Security Vulnerabilities

CVE-2024-27184
Joomla | Joomla! Cms

XSS Vulnerabilities in Image Processing Methods

CVE-2024-40743
Joomla | Joomla! Cms

Backend Username Overwrite Vulnerability Discovered

CVE-2024-27187
Joomla | Joomla! Cms

July 9

AccessiMedia Field Vulnerable to XSS Attacks Due to Inadequate Input Validation

CVE-2024-21729
Joomla | Joomla! Cms | 6.1 MEDIUM

FancySelect List Field Layout Vulnerable to Self-XSS Attacks

CVE-2024-21730
Joomla | Joomla! Cms | 5.4 MEDIUM

Inadequate Content Filtering Leads to XSS Vulnerabilities

CVE-2024-26279
Joomla | Joomla! Cms | 6.1 MEDIUM

Filter Flaw Exposes Custom Fields to Cross-Site Scripting Attacks

CVE-2024-26278
Joomla | Joomla! Cms | 6.1 MEDIUM

XSS Vector in StringHelper::truncate

CVE-2024-21731
Joomla | Joomla! Cms | 6.1 MEDIUM

February 29

Inadequate Content Filtering Leads to XSS Vulnerabilities

CVE-2024-21726
Joomla | Joomla! Cms | 😄

Inadequate URL Parsing Could Lead to Open Redirect Vulnerabilities

CVE-2024-21723
Joomla | Joomla! Cms

Inadequate Escaping of Mail Addresses Leads to XSS Vulnerabilities

CVE-2024-21725
Joomla | Joomla! Cms

MFA management system vulnerability: Sessions not properly terminated

CVE-2024-21722
Joomla | Joomla! Cms

XSS Vulnerabilities in Media Selection Fields

CVE-2024-21724
Joomla | Joomla! Cms

November 29

[20231101] - Core - Exposure of environment variables

CVE-2023-40626
Joomla | Joomla! Cms | 👾 | 7.5 HIGH

May 30

[20230502] - Core - Bruteforce prevention within the mfa screen

CVE-2023-23755
Joomla | Joomla! Cms | 7.5 HIGH

[20230501] - Core - Open Redirect and XSS within the mfa select

CVE-2023-23754
Joomla | Joomla! Cms | 6.1 MEDIUM

February 16

Unauthorized Access to Webservice Endpoints in Joomla 4.0.0 through 4.2.7

CVE-2023-23752
Joomla | Joomla! Cms | 👾 | 5.3 MEDIUM

February 1

[20230102] - Core - Missing ACL checks for com_actionlogs

CVE-2023-23751
Joomla | Joomla! Cms | 4.3 MEDIUM

[20230101] - Core - CSRF within post-installation messages

CVE-2023-23750
Joomla | Joomla! Cms | 6.3 MEDIUM

November 8

[20221101] - Core - RXSS through reflection of user input in com_media

CVE-2022-27914
Joomla | Joomla! Cms | 6.1 MEDIUM

October 25

[20221002] - Core - RXSS through reflection of user input in headings

CVE-2022-27913
Joomla | Joomla! Cms | 6.1 MEDIUM

[20221001] - Core - Debug Mode leaks full request payloads including passwords

CVE-2022-27912
Joomla | Joomla! Cms | 5.3 MEDIUM

August 31

[20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check'

CVE-2022-27911
Joomla | Joomla! Cms | 5.3 MEDIUM

March 30

[20220305] - Core - Inadequate filtering on the selected Ids

CVE-2022-23797
Joomla | Joomla! Cms | 9.8 CRITICAL

[20220309] - Core - XSS attack vector through SVG

CVE-2022-23801
Joomla | Joomla! Cms | 6.1 MEDIUM

[20220304] - Core - Missing input validation within com_fields class inputs

CVE-2022-23796
Joomla | Joomla! Cms | 6.1 MEDIUM

[20220308] - Core - Inadequate content filtering within the filter code

CVE-2022-23800
Joomla | Joomla! Cms | 6.1 MEDIUM

[20220303] - Core - User row are not bound to a authentication mechanism

CVE-2022-23795
Joomla | Joomla! Cms | 9.8 CRITICAL

[20220307] - Core - Variable Tampering on JInput $_REQUEST data

CVE-2022-23799
Joomla | Joomla! Cms | 9.8 CRITICAL

[20220301] - Core - Zip Slip within the Tar extractor

CVE-2022-23793
Joomla | Joomla! Cms | 7.5 HIGH

March 29

[20220306] - Core - Inadequate validation of internal URLs

CVE-2022-23798
Joomla | Joomla! Cms | 6.1 MEDIUM

[20220302] - Core - Path Disclosure within filesystem error messages

CVE-2022-23794
Joomla | Joomla! Cms | 5.3 MEDIUM

August 24

[20210801] - Core - Insufficient access control for com_media deletion endpoint

CVE-2021-26040
Joomla | Joomla! Cms | 9.1 CRITICAL

July 7

[20210701] - Core - XSS in JForm Rules field

CVE-2021-26035
Joomla | Joomla! Cms | 6.1 MEDIUM

[20210702] - Core - DoS through usergroup table manipulation

CVE-2021-26036
Joomla | Joomla! Cms | 7.5 HIGH

[20210705] - Core - XSS in com_media imagelist

CVE-2021-26039
Joomla | Joomla! Cms | 6.1 MEDIUM

[20210703] - Core - Lack of enforced session termination

CVE-2021-26037
Joomla | Joomla! Cms | 5.3 MEDIUM

[20210704] - Core - Privilege escalation through com_installer

CVE-2021-26038
Joomla | Joomla! Cms | 7.5 HIGH

June 21

CVE-2010-1433
Joomla | Joomla | 9.8 CRITICAL

CVE-2010-1432
Joomla | Joomla | 7.5 HIGH

CVE-2010-1434
Joomla | Joomla | 7.5 HIGH

CVE-2010-1435
Joomla | Joomla | 9.8 CRITICAL

May 26

[20210503] - Core - CSRF in data download endpoints

CVE-2021-26034
Joomla | Joomla! Cms | 6.5 MEDIUM

[20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload

CVE-2021-26032
Joomla | Joomla! Cms | 6.1 MEDIUM

[20210502] - Core - CSRF in AJAX reordering endpoint

CVE-2021-26033
Joomla | Joomla! Cms | 6.5 MEDIUM

April 14

[20210402] - Core - Inadequate filters on module layout settings

CVE-2021-26031
Joomla | Joomla! Cms | 5.3 MEDIUM

[20210401] - Core - Escape xss in logo parameter error pages

CVE-2021-26030
Joomla | Joomla! Cms | 6.1 MEDIUM

March 4

[20210301] - Core - Insecure randomness within 2FA secret generation

CVE-2021-23126
Joomla | Joomla! Cms | 5.3 MEDIUM

[20210306] - Core - com_media allowed paths that are not intended for image uploads

CVE-2021-23132
Joomla | Joomla! Cms | 👾 | 7.5 HIGH

[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field

CVE-2021-26029
Joomla | Joomla! Cms | 5.3 MEDIUM

[20210307] - Core - ACL violation within com_content frontend editing

CVE-2021-26027
Joomla | Joomla! Cms | 5.3 MEDIUM

[20210303] - Core - XSS within alert messages showed to users

CVE-2021-23129
Joomla | Joomla! Cms | 6.1 MEDIUM

[20210305] - Core - Input validation within the template manager

CVE-2021-23131
Joomla | Joomla! Cms | 7.5 HIGH

[20210302] - Core - Potential Insecure FOFEncryptRandval

CVE-2021-23128
Joomla | Joomla! Cms | 9.1 CRITICAL

[20210304] - Core - XSS within the feed parser library

CVE-2021-23130
Joomla | Joomla! Cms | 6.1 MEDIUM

[20210308] - Core - Path Traversal within joomla/archive zip class

CVE-2021-26028
Joomla | Joomla! Cms | 5.5 MEDIUM

[20210301] - Core - Insecure randomness within 2FA secret generation

CVE-2021-23127
Joomla | Joomla! Cms | 9.1 CRITICAL

January 12

[20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

CVE-2021-23124
Joomla | Joomla! Cms | 6.1 MEDIUM

[20210101] - Core - com_modules exposes module names

CVE-2021-23123
Joomla | Joomla! Cms | 5.3 MEDIUM

[20210103] - Core - XSS in com_tags image parameters

CVE-2021-23125
Joomla | Joomla! Cms | 6.1 MEDIUM

December 28

[20201104] - Core - SQL injection in com_users list view

CVE-2020-35613
Joomla | Joomla! Cms | 9.8 CRITICAL

[20201106] - Core - CSRF in com_privacy emailexport feature

CVE-2020-35615
Joomla | Joomla! Cms | 6.3 MEDIUM

[20201103] - Core - Path traversal in mod_random_image

CVE-2020-35612
Joomla | Joomla! Cms | 7.5 HIGH

[20201107] - Core - Write ACL violation in multiple core views

CVE-2020-35616
Joomla | Joomla! Cms | 7.5 HIGH

[20201105] - Core - User Enumeration in backend login

CVE-2020-35614
Joomla | Joomla! Cms | 5.3 MEDIUM

[20201102] - Core - Disclosure of secrets in Global Configuration page

CVE-2020-35611
Joomla | Joomla! Cms | 7.5 HIGH

[20201101] - Core - com_finder ignores access levels on autosuggest

CVE-2020-35610
Joomla | Joomla! Cms | 7.5 HIGH

August 26

CVE-2020-24598
Joomla | Joomla! | 6.1 MEDIUM

CVE-2020-24599
Joomla | Joomla! | 6.1 MEDIUM

July 15

CVE-2020-15700
Joomla | Joomla! | 6.3 MEDIUM

CVE-2020-15699
Joomla | Joomla! | 5.3 MEDIUM

CVE-2020-15698
Joomla | Joomla! | 5.3 MEDIUM

CVE-2020-15697
Joomla | Joomla! | 4.3 MEDIUM

CVE-2020-15696
Joomla | Joomla! | 6.1 MEDIUM

CVE-2020-15695
Joomla | Joomla! | 6.3 MEDIUM

June 2

CVE-2020-13760
Joomla | Joomla! | 8.8 HIGH

CVE-2020-13761
Joomla | Joomla! | 6.1 MEDIUM

CVE-2020-13762
Joomla | Joomla! | 6.1 MEDIUM

CVE-2020-13763
Joomla | Joomla! | 7.5 HIGH

April 21

CVE-2020-11891
Joomla | Joomla! | 5.3 MEDIUM

CVE-2020-11889
Joomla | Joomla! | 5.3 MEDIUM

CVE-2020-11890
Joomla | Joomla! | 👾 | 5.3 MEDIUM

March 16

CVE-2020-10243
Joomla | Joomla! | 9.8 CRITICAL

CVE-2020-10242
Joomla | Joomla! | 6.1 MEDIUM

CVE-2020-10241
Joomla | Joomla! | 8.8 HIGH

CVE-2020-10240
Joomla | Joomla! | 5.3 MEDIUM

CVE-2020-10239
Joomla | Joomla! | 👾 | 8.8 HIGH

CVE-2020-10238
Joomla | Joomla! | 👾 | 7.5 HIGH

January 28

CVE-2020-8419
Joomla | Joomla! | 8.8 HIGH

CVE-2020-8421
Joomla | Joomla! | 6.1 MEDIUM

CVE-2020-8420
Joomla | Joomla! | 8.8 HIGH

December 18

CVE-2019-19846
Joomla | Joomla! | 9.8 CRITICAL

CVE-2019-19845
Joomla | Joomla! | 5.3 MEDIUM

November 6

CVE-2019-18650
Joomla | Joomla! | 8.8 HIGH

CVE-2019-18674
Joomla | Joomla! | 5.3 MEDIUM

September 24

CVE-2019-16725
Joomla | Joomla! | 6.1 MEDIUM

August 14

CVE-2019-15028
Joomla | Joomla! | 5.3 MEDIUM

August 5

CVE-2019-14654
Joomla | Joomla! | 8.8 HIGH