U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
  • CPE Name Search: false
There are 1,191 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-40745

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.

Published: December 04, 2024; 10:15:11 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-40744

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.

Published: December 04, 2024; 10:15:11 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-11145

Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5.

Published: November 26, 2024; 3:15:25 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-40746

A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description `parameter is not sanitised in the backend.

Published: October 21, 2024; 1:15:03 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2024-27183

XSS vulnerability in DJ-HelpfulArticles component for Joomla.

Published: July 09, 2024; 2:15:09 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2024-5737

Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.

Published: June 28, 2024; 8:15:11 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2024-5736

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

Published: June 28, 2024; 8:15:10 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-5735

Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.

Published: June 28, 2024; 8:15:10 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-32788

Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2.

Published: April 24, 2024; 4:15:39 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-24837

Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.

Published: February 21, 2024; 3:15:46 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-21728

An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla fronted integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL to a base64 malicious URL.

Published: February 15, 2024; 4:15:09 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-21727

XSS vulnerability in DP Calendar component for Joomla.

Published: February 15, 2024; 2:15:11 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2023-49708

SQLi vulnerability in Starshop component for Joomla.

Published: December 14, 2023; 4:15:42 AM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-49707

SQLi vulnerability in S5 Register module for Joomla.

Published: December 14, 2023; 4:15:42 AM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-40659

A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40658

A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40657

A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40656

A reflected XSS vulnerability was discovered in the Quickform component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40655

A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40630

Unauthenticated LFI/SSRF in JCDashboards component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)