Vulnerabilities > Joomla

DATE CVE VULNERABILITY TITLE RISK
2018-01-30 CVE-2018-6380 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
network
low complexity
joomla CWE-79
6.1
6.1
2018-01-30 CVE-2018-6379 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
network
low complexity
joomla CWE-79
6.1
6.1
2018-01-30 CVE-2018-6377 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox
network
low complexity
joomla CWE-79
6.1
6.1
2018-01-30 CVE-2018-6376 SQL Injection vulnerability in Joomla Joomla!
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
network
low complexity
joomla CWE-89
critical
 9.8
9.8
2017-11-10 CVE-2017-16634 Improper Authentication vulnerability in Joomla Joomla!
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
network
low complexity
joomla CWE-287
critical
 9.8
9.8
2017-11-10 CVE-2017-16633 Information Exposure vulnerability in Joomla Joomla!
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
network
low complexity
joomla CWE-200
4.3
4.3
2017-09-20 CVE-2017-14596 LDAP Injection vulnerability in Joomla Joomla!
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
network
low complexity
joomla CWE-90
critical
 9.8
9.8
2017-09-20 CVE-2017-14595 Unspecified vulnerability in Joomla Joomla!
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
network
high complexity
joomla
3.7
3.7
2017-09-20 CVE-2015-5608 Open Redirect vulnerability in Joomla Joomla!
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
network
low complexity
joomla CWE-601
6.1
6.1
2017-08-02 CVE-2017-11364 Improper Certificate Validation vulnerability in Joomla Joomla!
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
network
low complexity
joomla CWE-295
8.8
8.8