Vulnerabilities for 'Joomla!'

2019-05-20
 
CVE-2019-11809

CWE-79
 

 
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.

 
2019-04-10
 
CVE-2019-10946

CWE-284
 

 
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.

 
 
CVE-2019-10945

CWE-22
 

 
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

 
2019-03-12
 
CVE-2019-9714

CWE-79
 

 
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.

 
 
CVE-2019-9713

CWE-284
 

 
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.

 
 
CVE-2019-9712

CWE-79
 

 
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.

 
 
CVE-2019-9711

CWE-79
 

 
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.

 
2019-02-12
 
CVE-2019-7744

CWE-79
 

 
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.

 
 
CVE-2019-7743

CWE-74
 

 
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non-.phar files.

 
 
CVE-2019-7742

CWE-79
 

 
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.

 


Copyright 2019, cxsecurity.com