Joomla

Joomla!

155 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 10.49%
  • Veröffentlicht 11.06.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:23:31

An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.

  • EPSS 0.92%
  • Veröffentlicht 11.06.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:23:32

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.

  • EPSS 0.79%
  • Veröffentlicht 20.05.2019 13:29:04
  • Zuletzt bearbeitet 21.11.2024 04:21:48

An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.

  • EPSS 5.59%
  • Veröffentlicht 09.05.2019 04:29:01
  • Zuletzt bearbeitet 21.11.2024 04:21:50

The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/b...

Exploit
  • EPSS 87.22%
  • Veröffentlicht 20.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

Exploit
  • EPSS 38.02%
  • Veröffentlicht 10.04.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:12

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

  • EPSS 1.1%
  • Veröffentlicht 10.04.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:12

An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.

  • EPSS 0.75%
  • Veröffentlicht 12.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:09

An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.

  • EPSS 0.75%
  • Veröffentlicht 12.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:09

An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.

  • EPSS 1.69%
  • Veröffentlicht 12.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:09

An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.