Vulnerabilities > Joomla > Joomla > 3.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-10 | CVE-2017-16633 | Information Exposure vulnerability in Joomla Joomla! In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | 4.0 |
| 2017-09-20 | CVE-2017-14596 | LDAP Injection vulnerability in Joomla Joomla! In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | 5.0 |
| 2017-09-20 | CVE-2017-14595 | Unspecified vulnerability in Joomla Joomla! In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. network joomla | 4.3 |
| 2017-08-02 | CVE-2017-11364 | Improper Certificate Validation vulnerability in Joomla Joomla! The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | 6.5 |
| 2017-07-26 | CVE-2017-11612 | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. | 4.3 |
| 2017-07-17 | CVE-2017-9934 | Cross-site Scripting vulnerability in Joomla Joomla! Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. | 4.3 |
| 2017-07-17 | CVE-2017-9933 | Information Exposure vulnerability in Joomla Joomla! Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | 5.0 |
| 2017-05-17 | CVE-2017-8917 | SQL Injection vulnerability in Joomla Joomla! 3.7.0 SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |