Vulnerabilities > Joomla > Joomla > 3.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-30 | CVE-2018-6379 | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. | 4.3 |
| 2018-01-30 | CVE-2018-6377 | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox | 4.3 |
| 2018-01-30 | CVE-2018-6376 | SQL Injection vulnerability in Joomla Joomla! In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | 7.5 |
| 2017-11-10 | CVE-2017-16634 | Improper Authentication vulnerability in Joomla Joomla! In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | 7.5 |
| 2017-09-20 | CVE-2017-14596 | LDAP Injection vulnerability in Joomla Joomla! In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | 5.0 |
| 2017-08-02 | CVE-2017-11364 | Improper Certificate Validation vulnerability in Joomla Joomla! The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | 6.5 |
| 2017-07-26 | CVE-2017-11612 | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. | 4.3 |
| 2017-07-17 | CVE-2017-9934 | Cross-site Scripting vulnerability in Joomla Joomla! Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. | 4.3 |
| 2017-07-17 | CVE-2017-9933 | Information Exposure vulnerability in Joomla Joomla! Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | 5.0 |
| 2017-04-25 | CVE-2017-8057 | Information Exposure vulnerability in Joomla Joomla! In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. | 5.0 |