Vulnerabilities for 'Joomla!'

2018-03-14
 
CVE-2018-8045

CWE-89
 

 
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.

 
2018-01-30
 
CVE-2018-6380

CWE-79
 

 
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

 
 
CVE-2018-6379

CWE-79
 

 
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.

 
 
CVE-2018-6377

CWE-79
 

 
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox.

 
 
CVE-2018-6376

CWE-89
 

 
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.

 
2017-11-09
 
CVE-2017-16634

CWE-287
 

 
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.

 
 
CVE-2017-16633

CWE-200
 

 
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

 
2017-09-20
 
CVE-2017-14596

 

 
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

 
 
CVE-2017-14595

 

 
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

 
 
CVE-2015-5608

 

 
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.

 


Copyright 2018, cxsecurity.com

 
