joomla! cms vulnerabilities and exploits

(subscribe to this query)

An issue exists in Joomla! 4.2.0 up to and including 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.

Joomla! Project Joomla! Cms Joomla Joomla!

An issue exists in Joomla! 4.2.0 up to and including 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.

Joomla! Project Joomla! Cms Joomla Joomla!

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.

Joomial Project Joomial Cms Joomla! Project Joomla! Cms

Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote malicious users to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_c...

Virtuemart Virtuemart Joomla Ecommerrce Edition Cms

1 EDB exploit

Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler.

Joomla! Project Joomla! Cms

Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.

Joomla! Project Joomla! Cms

Various module chromes didn't properly process inputs, leading to XSS vectors.

Joomla! Project Joomla! Cms

Lack of output escaping in the id attribute of menu lists.

Joomla! Project Joomla! Cms

Improper Access Controls allows access to protected views.

Joomla! Project Joomla! Cms

Inadequate content filtering leads to XSS vulnerabilities in various components.

Joomla! Project Joomla! Cms

1 Article

1 2 3 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook