Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Joomla! CMS — Vulnerabilities & Security Advisories 81

All 81 CVE vulnerabilities found in Joomla! CMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Joomla! Project

CVE IDTitleCVSSSeverityPublished
CVE-2024-21726 [20240205] - Core - Inadequate content filtering within the filter code CWE-79 6.1 -2024-02-20
CVE-2023-40626 [20231101] - Core - Exposure of environment variables 4.0 -2023-11-29
CVE-2023-23754 [20230501] - Core - Open Redirect and XSS within the mfa select 6.1 -2023-05-30
CVE-2023-23755 [20230502] - Core - Bruteforce prevention within the mfa screen 7.5 -2023-05-30
CVE-2023-23752 [20230201] - Core - Improper access check in webservice endpoints 9.1 -2023-02-16
CVE-2023-23751 [20230102] - Core - Missing ACL checks for com_actionlogs 4.3 -2023-02-01
CVE-2023-23750 [20230101] - Core - CSRF within post-installation messages 8.8 -2023-02-01
CVE-2022-27914 [20221101] - Core - RXSS through reflection of user input in com_media 6.1 -2022-11-08
CVE-2022-27913 [20221002] - Core - RXSS through reflection of user input in headings 6.1 -2022-10-25
CVE-2022-27912 [20221001] - Core - Debug Mode leaks full request payloads including passwords 5.3 -2022-10-25
CVE-2022-27911 [20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check' 5.3 -2022-08-31
CVE-2022-23801 [20220309] - Core - XSS attack vector through SVG 6.1 -2022-03-30
CVE-2022-23800 [20220308] - Core - Inadequate content filtering within the filter code 6.1 -2022-03-30
CVE-2022-23799 [20220307] - Core - Variable Tampering on JInput $_REQUEST data 9.8 -2022-03-30
CVE-2022-23798 [20220306] - Core - Inadequate validation of internal URLs 6.1 -2022-03-30
CVE-2022-23797 [20220305] - Core - Inadequate filtering on the selected Ids 9.8 -2022-03-30
CVE-2022-23796 [20220304] - Core - Missing input validation within com_fields class inputs 6.1 -2022-03-30
CVE-2022-23795 [20220303] - Core - User row are not bound to a authentication mechanism 9.8 -2022-03-30
CVE-2022-23794 [20220302] - Core - Path Disclosure within filesystem error messages 5.3 -2022-03-30
CVE-2022-23793 [20220301] - Core - Zip Slip within the Tar extractor 6.5 -2022-03-30
CVE-2021-26040 [20210801] - Core - Insufficient access control for com_media deletion endpoint 9.1 -2021-08-24
CVE-2021-26039 [20210705] - Core - XSS in com_media imagelist 6.1 -2021-07-07
CVE-2021-26038 [20210704] - Core - Privilege escalation through com_installer 7.5 -2021-07-07
CVE-2021-26037 [20210703] - Core - Lack of enforced session termination 8.2 -2021-07-07
CVE-2021-26036 [20210702] - Core - DoS through usergroup table manipulation 5.3 -2021-07-07
CVE-2021-26035 [20210701] - Core - XSS in JForm Rules field 6.1 -2021-07-07
CVE-2021-26034 [20210503] - Core - CSRF in data download endpoints 8.1 -2021-05-26
CVE-2021-26033 [20210502] - Core - CSRF in AJAX reordering endpoint 8.8 -2021-05-26
CVE-2021-26032 [20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload 6.1 -2021-05-26
CVE-2021-26031 [20210402] - Core - Inadequate filters on module layout settings 5.3 -2021-04-14

All 81 known CVE vulnerabilities affecting Joomla! CMS with full Chinese analysis, references, and POCs where available.