Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla\!
Subscriptions
Total
605 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7899 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-5953 | 2 Codepeople, Joomla | 2 Com Multicalendar, Joomla\! | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php. | ||||
| CVE-2015-6939 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-9837 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request. | ||||
| CVE-2015-8563 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2015-8564 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. | ||||
| CVE-2012-2413 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. | ||||
| CVE-2013-5952 | 2 Codologic, Joomla | 2 Com Freichat, Joomla\! | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php. | ||||
| CVE-2015-8769 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-0610 | 2 Joomla, Webguerilla | 2 Joomla\!, Com Photoblog | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist. | ||||
| CVE-2010-0373 | 1 Joomla | 2 Com Libros, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | ||||
| CVE-2006-7247 | 2 Joomla, Mambo-foundation | 3 Com Weblinks, Joomla\!, Mambo | 2025-04-11 | N/A |
| SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | ||||
| CVE-2010-0372 | 2 Hong Chuyen, Joomla | 2 Com Articlemanager, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php. | ||||
| CVE-2010-4516 | 2 Joomla, Jxtended | 2 Joomla\!, Jxtended Comments | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-4868 | 2 Joomla, Kunena | 2 Joomla\!, Kunena | 2025-04-11 | N/A |
| SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2012-1117 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-4517 | 2 Harmistechnology, Joomla | 2 Com Jeauto, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. | ||||
| CVE-2010-4405 | 2 Anything-digital, Joomla | 2 Sh404sef, Joomla\! | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4784 | 2 Joaktree, Joomla | 2 Com Joaktree, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php. | ||||
| CVE-2010-4404 | 2 Anything-digital, Joomla | 2 Sh404sef, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||