Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,124 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-27459

Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed.

Published: November 16, 2020; 10:15:12 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-22274

JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile.

Published: November 04, 2020; 1:15:19 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-19455

SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.

Published: September 25, 2020; 12:15:22 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-19451

SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.

Published: September 25, 2020; 11:15:44 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-19450

SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.

Published: September 25, 2020; 11:15:41 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-19447

SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.

Published: September 24, 2020; 3:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-25751

The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.

Published: September 18, 2020; 12:15:12 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-23971

gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.

Published: September 01, 2020; 12:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-23972

In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.

Published: August 27, 2020; 10:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-24599

An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.

Published: August 26, 2020; 6:15:14 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-24598

An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.

Published: August 26, 2020; 6:15:13 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.

Published: July 15, 2020; 12:15:11 PM -0400
V3.1: 6.3 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2020-15699

An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.

Published: July 15, 2020; 12:15:11 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-15698

An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials

Published: July 15, 2020; 12:15:11 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-15697

An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.

Published: July 15, 2020; 12:15:11 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-15696

An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.

Published: July 15, 2020; 12:15:11 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-15695

An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.

Published: July 15, 2020; 12:15:11 PM -0400
V3.1: 6.3 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2020-13996

The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager.

Published: June 09, 2020; 5:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-13763

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.

Published: June 02, 2020; 4:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-13762

In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.

Published: June 02, 2020; 4:15:10 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM