| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. |
| An improper access check allows unauthorized access to com_config webservice endpoints. |
| Lack of output escaping leads to a XSS vector in the feed modules. |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. |
| Lack of output escaping leads to a XSS vector in the readmore links for com_content. |
| Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. |
| An improper validation of user-supplied input leads to a local file inclusion vulnerability. |
| An improper access check allows privilege escalation through the com_users batch task. |
| An improper access check allows privelege escalation through the com_users group editing webservice endpoint. |
| An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. |
| An improper access check allows privilege escalation through the com_users batch task. |
| Lack of input filtering leads to an XSS vector in the HTML filter code. |
| Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." |
| Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter. |
| com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. |
| Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php. |
| PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter. |
| PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. |
| Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section. |