ReportizFlow
Filtered by vendor Joomla
Subscriptions
Total
952 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1048 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
| Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search. | ||||
| CVE-2006-1957 | 2 Joomla, Mambo-foundation | 2 Joomla\!, Mambo | 2025-04-03 | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. | ||||
| CVE-2006-0303 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors. | ||||
| CVE-2006-1029 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
| The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "<<>AAA<><>", possibly due to nested or empty tags. | ||||
| CVE-2005-3773 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
| Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions." | ||||
| CVE-2006-4269 | 2 Joomla, Mambo | 2 X-shop Component, X-shop Component | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package | ||||
| CVE-2006-3970 | 1 Joomla | 1 Lmo | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2005-3771 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF". | ||||
| CVE-2023-23750 | 1 Joomla | 1 Joomla\! | 2025-03-29 | 6.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | ||||
| CVE-2024-21724 | 1 Joomla | 1 Joomla\! | 2025-03-29 | 6.1 Medium |
| Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions. | ||||
| CVE-2023-23751 | 1 Joomla | 1 Joomla\! | 2025-03-29 | 4.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | ||||
| CVE-2024-26279 | 1 Joomla | 1 Joomla\! | 2025-03-26 | 6.1 Medium |
| The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | ||||
| CVE-2024-21729 | 1 Joomla | 1 Joomla\! | 2025-03-26 | 6.1 Medium |
| Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | ||||
| CVE-2024-21730 | 1 Joomla | 1 Joomla\! | 2025-03-20 | 5.4 Medium |
| The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. | ||||
| CVE-2024-26278 | 1 Joomla | 1 Joomla\! | 2025-03-14 | 4.6 Medium |
| The Custom Fields component not correctly filter inputs, leading to a XSS vector. | ||||
| CVE-2024-21731 | 1 Joomla | 1 Joomla\! | 2025-03-14 | 6.1 Medium |
| Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. | ||||
| CVE-2023-23754 | 1 Joomla | 1 Joomla\! | 2025-01-10 | 6.1 Medium |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. | ||||
| CVE-2023-23755 | 1 Joomla | 1 Joomla\! | 2025-01-10 | 7.5 High |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. | ||||
| CVE-2023-40626 | 1 Joomla | 1 Joomla\! | 2024-12-04 | 7.5 High |
| The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. | ||||
| CVE-2022-27914 | 1 Joomla | 1 Joomla\! | 2024-11-26 | 6.1 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | ||||