Search Results (979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8917 1 Joomla 1 Joomla\! 2025-04-20 N/A
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-9934 1 Joomla 1 Joomla\! 2025-04-20 N/A
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
CVE-2017-11612 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CVE-2017-8057 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
CVE-2017-7984 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
CVE-2017-11364 1 Joomla 1 Joomla\! 2025-04-20 N/A
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
CVE-2017-9933 1 Joomla 1 Joomla\! 2025-04-20 N/A
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
CVE-2017-7986 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
CVE-2017-7989 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
CVE-2017-7983 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVE-2017-16634 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
CVE-2015-5608 1 Joomla 1 Joomla\! 2025-04-20 N/A
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
CVE-2017-14596 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVE-2016-9081 1 Joomla 1 Joomla\! 2025-04-20 N/A
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
CVE-2017-16633 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
CVE-2017-7985 1 Joomla 1 Joomla\! 2025-04-20 N/A
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
CVE-2014-7984 1 Joomla 1 Joomla\! 2025-04-12 N/A
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
CVE-2014-7983 1 Joomla 1 Joomla\! 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7982 1 Joomla 1 Joomla\! 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5953 2 Codepeople, Joomla 2 Com Multicalendar, Joomla\! 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.