Channel: Security Announcements
Browsing latest articles
Browse All 16 View Live

[20221101] - Core - RXSS through reflection of user input in com_media

Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 4.0.0-4.2.4 Exploit type: Reflected XSS Reported Date: 2022-10-28 Fixed Date: 2022-11-08 CVE Number:...

[20230201] - Core - Improper access check in webservice endpoints

Project: Joomla! SubProject: CMS Impact: Critical Severity: High Probability: High Versions: 4.0.0-4.2.7 Exploit type: Incorrect Access Control Reported Date: 2023-02-13 Fixed Date: 2023-02-16 CVE...

[20230501] - Core - Open Redirects and XSS within the mfa selection

Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 4.2.0-4.3.1 Exploit type: Open Redirect / XSS Reported Date: 2023-02-28 Fixed Date: 2023-05-28 CVE Number:...

[20230502] - Core - Bruteforce prevention within the mfa screen

Project: Joomla! SubProject: CMS Impact: Critical Severity: Moderate Probability: Low Versions: 4.2.0-4.3.1 Exploit type: Lack of rate limiting Reported Date: 2023-04-29 Fixed Date: 2023-05-30 CVE...

[20231101] - Core - Exposure of environment variables

Project: Joomla! SubProject: CMS Impact: High Severity: High Probability: Low Versions: 1.6.0-4.4.0, 5.0.0 Exploit type: Information Disclosure Reported Date: 2023-07-14 Fixed Date: 2023-11-21 CVE...

[20240201] - Core - Insufficient session expiration in MFA management views

Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 3.2.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2 Exploit type: Insufficient Session Expiration Reported Date:...

[20240202] - Core - Open redirect in installation application

Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 1.5.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2 Exploit type: Open Redirect Reported Date: 2023-11-08 Fixed Date:...

[20240203] - Core - XSS in media selection fields

Project: Joomla! SubProject: CMS Impact: Moderate Severity: Moderate Probability: Moderate Versions: 1.6.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2 Exploit type: XSS Reported Date: 2024-01-09 Fixed...

[20240204] - Core - XSS in mail address outputs

Project: Joomla! SubProject: CMS Impact: Moderate Severity: High Probability: High Versions: 4.0.0-4.4.2, 5.0.0-5.0.2 Exploit type: XSS Reported Date: 2024-01-30 Fixed Date: 2024-02-20 CVE Number:...

[20240205] - Core - Inadequate content filtering within the filter code

Project: Joomla! / Joomla! Framework SubProject: CMS / filter Impact: Moderate Severity: Moderate Probability: Moderate Versions: 3.7.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2 Exploit type: XSS...
