CVE-2022-23797
- EPSS 1.06%
- Veröffentlicht 30.03.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:49:16
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.
CVE-2022-23798
- EPSS 0.57%
- Veröffentlicht 30.03.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:49:16
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.
CVE-2022-23799
- EPSS 1.17%
- Veröffentlicht 30.03.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:49:16
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
CVE-2022-23800
- EPSS 0.65%
- Veröffentlicht 30.03.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:49:16
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
CVE-2022-23801
- EPSS 0.57%
- Veröffentlicht 30.03.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:49:16
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media.
CVE-2021-26040
- EPSS 0.92%
- Veröffentlicht 24.08.2021 15:15:06
- Zuletzt bearbeitet 21.11.2024 05:55:47
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.
CVE-2021-26035
- EPSS 0.88%
- Veröffentlicht 07.07.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 05:55:47
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability.
CVE-2021-26036
- EPSS 1.44%
- Veröffentlicht 07.07.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 05:55:47
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
CVE-2021-26037
- EPSS 1.01%
- Veröffentlicht 07.07.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 05:55:47
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked.
CVE-2021-26038
- EPSS 1.21%
- Veröffentlicht 07.07.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 05:55:47
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already...