Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,182 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-24837

Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.

Published: February 21, 2024; 3:15:46 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-21728

An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla frontend integration with osTicket, a popular support ticket system. The Open Redirect vulnerability allows attackers to set the return parameter in the URL to a base64-encoded malicious URL.

Published: February 15, 2024; 4:15:09 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-21727

XSS vulnerability in DP Calendar component for Joomla.

Published: February 15, 2024; 2:15:11 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-49708

SQLi vulnerability in Starshop component for Joomla.

Published: December 14, 2023; 4:15:42 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-49707

SQLi vulnerability in S5 Register module for Joomla.

Published: December 14, 2023; 4:15:42 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-40659

A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40658

A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40657

A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40656

A reflected XSS vulnerability was discovered in the Quickform component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40655

A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40630

Unauthenticated LFI/SSRF in JCDashboards component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-40629

SQLi vulnerability in LMS Lite component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-40628

A reflected XSS vulnerability was discovered in the Extplorer component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-40627

A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.

Published: December 14, 2023; 4:15:41 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-39974

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.

Published: August 17, 2023; 5:15:09 PM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-39973

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.

Published: August 17, 2023; 5:15:09 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-39972

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists.

Published: August 17, 2023; 5:15:09 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-39971

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.

Published: August 17, 2023; 5:15:09 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-39970

Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution.

Published: August 17, 2023; 5:15:09 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-38045

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.

Published: August 07, 2023; 1:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)