
Joomla! CMS — Vulnerabilities & Security Advisories (99)

All 99 CVE vulnerabilities found in Joomla! CMS, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known security weaknesses, vulnerabilities, and advisories associated with the Joomla! Content Management System, serving as a central resource for tracking the security posture of this widely used open-source platform. The entries cover a broad range of flaw types, including SQL injection, cross-site scripting, and remote code execution issues reported within the Joomla! ecosystem, and the records reach back to the early days of the software's development. That long timeline gives a view of how the product's security has evolved and lets recurring patterns and persistent architectural flaws be identified.

Readers can follow vendor advisories through the chronological sequence of fixes and patch releases issued by the Joomla! team, understand specific weakness classes from the description and technical context given for each entry, and look up the product's vulnerability history to assess risk exposure and compare it against industry standards. The resource is intended to help developers, security analysts, and system administrators make informed decisions about upgrades, mitigations, and monitoring by consolidating these data points in one place rather than requiring searches across multiple sources.

Vendor: Joomla! Project

Scores and severities marked (AI) are AI-generated.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-22207 | [20250201] - Core - SQL injection vulnerability in Scheduled Tasks component | CWE-89 | 8.8 | - | 2025-02-18 |
| CVE-2024-40749 | [20250103] - Core - Read ACL violation in multiple core views | CWE-284 | 6.5 | - | 2025-01-07 |
| CVE-2024-40747 | [20250101] - Core - XSS vectors in module chromes | CWE-79 | 6.1 | - | 2025-01-07 |
| CVE-2024-40748 | [20250102] - Core - XSS vector in the id attribute of menu lists | CWE-79 | 8.2 | - | 2025-01-07 |
| CVE-2024-27185 | [20240802] - Core - Cache Poisoning in Pagination | - | 7.5 (AI) | High (AI) | 2024-08-20 |
| CVE-2024-27186 | [20240803] - Core - XSS in HTML Mail Templates | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-08-20 |
| CVE-2024-27184 | [20240801] - Core - Inadequate validation of internal URLs | CWE-601 | 5.4 (AI) | Medium (AI) | 2024-08-20 |
| CVE-2024-40743 | [20240805] - Core - XSS vectors in Outputfilter::strip* methods | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-08-20 |
| CVE-2024-27187 | [20240804] - Core - Improper ACL for backend profile view | CWE-284 | 6.5 (AI) | Medium (AI) | 2024-08-20 |
| CVE-2024-21729 | [20240701] - Core - XSS in accessible media selection field | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2024-21730 | [20240702] - Core - Self-XSS in fancyselect list field layout | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2024-26279 | [20240704] - Core - XSS in Wrapper extensions | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2024-26278 | [20240705] - Core - XSS in com_fields default field value | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2024-21731 | [20240703] - Core - XSS in StringHelper::truncate method | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2024-21723 | [20240202] - Core - Open redirect in installation application | CWE-601 | 6.1 | - | 2024-02-20 |
| CVE-2024-21725 | [20240204] - Core - XSS in mail address outputs | CWE-79 | 6.1 | - | 2024-02-20 |
| CVE-2024-21724 | [20240203] - Core - XSS in media selection fields | CWE-79 | 6.1 | - | 2024-02-20 |
| CVE-2024-21722 | [20240201] - Core - Insufficient session expiration in MFA management views | CWE-613 | 4.3 | - | 2024-02-20 |
| CVE-2024-21726 | [20240205] - Core - Inadequate content filtering within the filter code | CWE-79 | 6.1 | - | 2024-02-20 |
| CVE-2023-40626 | [20231101] - Core - Exposure of environment variables | - | 4.0 | - | 2023-11-29 |
| CVE-2023-23754 | [20230501] - Core - Open Redirect and XSS within the mfa select | - | 6.1 | - | 2023-05-30 |
| CVE-2023-23755 | [20230502] - Core - Bruteforce prevention within the mfa screen | - | 7.5 | - | 2023-05-30 |
| CVE-2023-23752 | [20230201] - Core - Improper access check in webservice endpoints | - | 9.1 | - | 2023-02-16 |
| CVE-2023-23751 | [20230102] - Core - Missing ACL checks for com_actionlogs | - | 4.3 | - | 2023-02-01 |
| CVE-2023-23750 | [20230101] - Core - CSRF within post-installation messages | - | 8.8 | - | 2023-02-01 |
| CVE-2022-27914 | [20221101] - Core - RXSS through reflection of user input in com_media | - | 6.1 | - | 2022-11-08 |
| CVE-2022-27913 | [20221002] - Core - RXSS through reflection of user input in headings | - | 6.1 | - | 2022-10-25 |
| CVE-2022-27912 | [20221001] - Core - Debug Mode leaks full request payloads including passwords | - | 5.3 | - | 2022-10-25 |
| CVE-2022-27911 | [20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check' | - | 5.3 | - | 2022-08-31 |
| CVE-2022-23801 | [20220309] - Core - XSS attack vector through SVG | - | 6.1 | - | 2022-03-30 |
