Vulnerabilities in Joomla! Project
102 resultsCVE-2023-23752MEDIUM[20230201] - Core - Improper access check in webservice endpointsEPSS 99.8%KEVCVE-2021-26030—[20210401] - Core - Escape xss in logo parameter error pagesEPSS 82.4%CVE-2021-23124—[20210102] - Core - XSS in mod_breadcrumbs aria-label attributeEPSS 81.2%CVE-2024-21726MEDIUM[20240205] - Core - Inadequate content filtering within the filter codeEPSS 48.8%CVE-2024-21725MEDIUM[20240204] - Core - XSS in mail address outputsEPSS 32.2%CVE-2020-35613—[20201104] - Core - SQL injection in com_users list viewEPSS 28.4%CVE-2021-23132—[20210306] - Core - com_media allowed paths that are not intended for image uploadsEPSS 6.5%CVE-2020-35616—[20201107] - Core - Write ACL violation in multiple core viewsEPSS 6.1%CVE-2022-23793—[20220301] - Core - Zip Slip within the Tar extractorEPSS 2.0%CVE-2020-35612—[20201103] - Core - Path traversal in mod_random_imageEPSS 1.6%CVE-2021-23127—[20210301] - Core - Insecure randomness within 2FA secret generationEPSS 1.6%CVE-2021-23128—[20210302] - Core - Potential Insecure FOFEncryptRandvalEPSS 1.6%CVE-2021-23131—[20210305] - Core - Input validation within the template managerEPSS 1.5%CVE-2021-26036—[20210702] - Core - DoS through usergroup table manipulationEPSS 1.4%CVE-2020-35610—[20201101] - Core - com_finder ignores access levels on autosuggestEPSS 1.3%CVE-2020-35611—[20201102] - Core - Disclosure of secrets in Global Configuration pageEPSS 1.3%CVE-2021-23126—[20210301] - Core - Insecure randomness within 2FA secret generationEPSS 1.3%CVE-2021-26038—[20210704] - Core - Privilege escalation through com_installerEPSS 1.2%CVE-2021-26031—[20210402] - Core - Inadequate filters on module layout settingsEPSS 1.2%CVE-2022-23799—[20220307] - Core - Variable Tampering on JInput $_REQUEST dataEPSS 1.2%