CVE-2023-23754
- EPSS 0.41%
- Veröffentlicht 30.05.2023 17:15:09
- Zuletzt bearbeitet 09.01.2025 22:15:25
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.
CVE-2023-23755
- EPSS 0.56%
- Veröffentlicht 30.05.2023 17:15:09
- Zuletzt bearbeitet 09.01.2025 22:15:26
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
CVE-2022-27914
- EPSS 0.46%
- Veröffentlicht 08.11.2022 19:15:11
- Zuletzt bearbeitet 21.11.2024 06:56:27
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
CVE-2022-27913
- EPSS 0.36%
- Veröffentlicht 25.10.2022 19:15:10
- Zuletzt bearbeitet 21.11.2024 06:56:27
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
CVE-2022-27912
- EPSS 0.5%
- Veröffentlicht 25.10.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:56:27
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
CVE-2022-27911
- EPSS 0.5%
- Veröffentlicht 31.08.2022 10:15:15
- Zuletzt bearbeitet 21.11.2024 06:56:27
An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.
CVE-2022-23793
- EPSS 2.01%
- Veröffentlicht 30.03.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:49:16
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
CVE-2022-23794
- EPSS 0.87%
- Veröffentlicht 30.03.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:49:16
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
CVE-2022-23795
- EPSS 1.1%
- Veröffentlicht 30.03.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:49:16
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
CVE-2022-23796
- EPSS 0.57%
- Veröffentlicht 30.03.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:49:16
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.