Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
joomla vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-23124
An issue exists in Joomla! 3.9.0 up to and including 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
Joomla Joomla\\!
5.3
CVSSv3
CVE-2021-23123
An issue exists in Joomla! 3.0.0 up to and including 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules.
Joomla Joomla\\!
1 Github repository
6.1
CVSSv3
CVE-2021-23125
An issue exists in Joomla! 3.1.0 up to and including 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views cause lead to XSS attack vectors.
Joomla Joomla\\!
7.5
CVSSv3
CVE-2020-35610
An issue exists in Joomla! 2.5.0 up to and including 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
Joomla Joomla\\!
7.5
CVSSv3
CVE-2020-35611
An issue exists in Joomla! 2.5.0 up to and including 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.
Joomla Joomla\\!
7.5
CVSSv3
CVE-2020-35612
An issue exists in Joomla! 2.5.0 up to and including 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
Joomla Joomla\\!
9.8
CVSSv3
CVE-2020-35613
An issue exists in Joomla! 3.0.0 up to and including 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
Joomla Joomla\\!
6.3
CVSSv3
CVE-2020-35615
An issue exists in Joomla! 2.5.0 up to and including 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
Joomla Joomla\\!
5.3
CVSSv3
CVE-2020-35614
An issue exists in Joomla! 3.9.0 up to and including 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
Joomla Joomla\\!
7.5
CVSSv3
CVE-2020-35616
An issue exists in Joomla! 1.7.0 up to and including 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
Joomla Joomla\\!
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »