Vulnerabilities > Joomla > Joomla > 3.9.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-18 | CVE-2019-19845 | Path Traversal vulnerability in Joomla Joomla! In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure. | 5.0 |
2019-11-06 | CVE-2019-18674 | Missing Authorization vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.13. | 5.0 |
2019-11-06 | CVE-2019-18650 | Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.13. | 6.8 |
2019-09-24 | CVE-2019-16725 | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. | 4.3 |
2019-08-14 | CVE-2019-15028 | Unspecified vulnerability in Joomla Joomla! In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. | 5.0 |
2019-06-11 | CVE-2019-12766 | Cross-site Scripting vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.7. | 6.1 |
2019-06-11 | CVE-2019-12765 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.7. | 9.8 |
2019-06-11 | CVE-2019-12764 | Unspecified vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.7. | 6.5 |
2019-05-20 | CVE-2019-11809 | Cross-site Scripting vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.6. | 4.3 |
2019-05-09 | CVE-2019-11831 | Deserialization of Untrusted Data vulnerability in multiple products The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | 9.8 |