Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

joomla joomla! vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3

CVE-2017-14596

In Joomla! prior to 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
Joomla Joomla! 1.5.0Joomla Joomla! 1.5.1Joomla Joomla! 1.5.2Joomla Joomla! 1.5.3Joomla Joomla! 1.5.4Joomla Joomla! 1.5.5Joomla Joomla! 1.5.6Joomla Joomla! 1.5.7Joomla Joomla! 1.5.8Joomla Joomla! 1.5.9Joomla Joomla! 1.5.10Joomla Joomla! 1.5.11
5.3
CVSSv3

CVE-2017-7983

In Joomla! 1.5.0 up to and including 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
Joomla Joomla! 1.5.0Joomla Joomla! 1.5.1Joomla Joomla! 1.5.2Joomla Joomla! 1.5.3Joomla Joomla! 1.5.4Joomla Joomla! 1.5.5Joomla Joomla! 1.5.6Joomla Joomla! 1.5.7Joomla Joomla! 1.5.8Joomla Joomla! 1.5.9Joomla Joomla! 1.5.10Joomla Joomla! 1.5.11
6.1
CVSSv3

CVE-2017-7986

In Joomla! 1.5.0 up to and including 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
Joomla Joomla! 1.5.0Joomla Joomla! 1.5.1Joomla Joomla! 1.5.2Joomla Joomla! 1.5.3Joomla Joomla! 1.5.4Joomla Joomla! 1.5.5Joomla Joomla! 1.5.6Joomla Joomla! 1.5.7Joomla Joomla! 1.5.8Joomla Joomla! 1.5.9Joomla Joomla! 1.5.10Joomla Joomla! 1.5.11
7.5
CVSSv2

CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x prior to 3.4.6 allow remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Joomla Joomla! 1.5.0Joomla Joomla! 1.5.1Joomla Joomla! 1.5.2Joomla Joomla! 1.5.3Joomla Joomla! 1.5.4Joomla Joomla! 1.5.6Joomla Joomla! 1.5.7Joomla Joomla! 1.5.8Joomla Joomla! 1.5.9Joomla Joomla! 1.5.10Joomla Joomla! 1.5.11Joomla Joomla! 1.5.12
6.1
CVSSv3

CVE-2017-11612

In Joomla! prior to 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
Joomla Joomla! 1.5.0Joomla Joomla! 1.5.1Joomla Joomla! 1.5.2Joomla Joomla! 1.5.3Joomla Joomla! 1.5.4Joomla Joomla! 1.5.5Joomla Joomla! 1.5.6Joomla Joomla! 1.5.7Joomla Joomla! 1.5.8Joomla Joomla! 1.5.9Joomla Joomla! 1.5.10Joomla Joomla! 1.5.11
8.8
CVSSv3

CVE-2017-11364

The CMS installer in Joomla! prior to 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
Joomla Joomla! 1.0.0Joomla Joomla! 1.0.1Joomla Joomla! 1.0.2Joomla Joomla! 1.0.3Joomla Joomla! 1.0.4Joomla Joomla! 1.0.5Joomla Joomla! 1.0.6Joomla Joomla! 1.0.7Joomla Joomla! 1.0.8Joomla Joomla! 1.0.9Joomla Joomla! 1.0.10Joomla Joomla! 1.0.11
5.3
CVSSv3

CVE-2017-7988

In Joomla! 1.6.0 up to and including 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
Joomla Joomla! 1.5.16Joomla Joomla! 1.5.17Joomla Joomla! 1.5.18Joomla Joomla! 1.5.19Joomla Joomla! 1.5.20Joomla Joomla! 1.5.21Joomla Joomla! 1.5.22Joomla Joomla! 1.5.23Joomla Joomla! 1.5.24Joomla Joomla! 1.5.25Joomla Joomla! 1.5.26Joomla Joomla! 1.6.0
4.3
CVSSv2

CVE-2011-2509

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! prior to 1.6.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to t...
Joomla Joomla!Joomla Joomla! 1.5.0Joomla Joomla! 1.5.1Joomla Joomla! 1.5.2Joomla Joomla! 1.5.3Joomla Joomla! 1.5.4Joomla Joomla! 1.5.5Joomla Joomla! 1.5.6Joomla Joomla! 1.5.7Joomla Joomla! 1.5.8Joomla Joomla! 1.5.9Joomla Joomla! 1.5.10
6.1
CVSSv3

CVE-2017-9934

Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 up to and including 3.7.2 lead to an XSS vulnerability.
Joomla Joomla! 1.7.3Joomla Joomla! 1.7.4Joomla Joomla! 1.7.5Joomla Joomla! 2.5.0Joomla Joomla! 2.5.1Joomla Joomla! 2.5.2Joomla Joomla! 2.5.3Joomla Joomla! 2.5.4Joomla Joomla! 2.5.5Joomla Joomla! 2.5.6Joomla Joomla! 2.5.7Joomla Joomla! 2.5.8
7.5
CVSSv3

CVE-2017-9933

Improper cache invalidation in Joomla! CMS 1.7.3 up to and including 3.7.2 leads to disclosure of form contents.
Joomla Joomla! 1.7.3Joomla Joomla! 1.7.4Joomla Joomla! 1.7.5Joomla Joomla! 2.5.0Joomla Joomla! 2.5.1Joomla Joomla! 2.5.2Joomla Joomla! 2.5.3Joomla Joomla! 2.5.4Joomla Joomla! 2.5.5Joomla Joomla! 2.5.6Joomla Joomla! 2.5.7Joomla Joomla! 2.5.8
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
ssl.comCVE-2025-3278CVE-2025-24054brute forcefirewallprivilege escalationCVE-2025-24914qriousladCVE-2025-42599pritunlnamelessmcCVE-2025-3103CVE-2025-43895
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook