Channel: Security Announcements
Browsing latest articles
Browse All 15 View Live

[20221101] - Core - RXSS through reflection of user input in com_media

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.0.0-4.2.4
Exploit type: Reflected XSS
Reported Date: 2022-10-28
Fixed Date: 2022-11-08
CVE...

[20230201] - Core - Improper access check in webservice endpoints

Project: Joomla!
SubProject: CMS
Impact: Critical
Severity: High
Probability: High
Versions: 4.0.0-4.2.7
Exploit type: Incorrect Access Control
Reported Date: 2023-02-13
Fixed Date: 2023-02-16
CVE...

[20230501] - Core - Open Redirects and XSS within the mfa selection

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.2.0-4.3.1
Exploit type: Open Redirect / XSS
Reported Date: 2023-02-28
Fixed Date: 2023-05-28
CVE...

[20230502] - Core - Bruteforce prevention within the mfa screen

Project: Joomla!
SubProject: CMS
Impact: Critical
Severity: Moderate
Probability: Low
Versions: 4.2.0-4.3.1
Exploit type: Lack of rate limiting
Reported Date: 2023-04-29
Fixed Date: 2023-05-30
CVE...

[20231101] - Core - Exposure of environment variables

Project: Joomla!
SubProject: CMS
Impact: High
Severity: High
Probability: Low
Versions: 1.6.0-4.4.0, 5.0.0
Exploit type: Information Disclosure
Reported Date: 2023-07-14
Fixed Date: 2023-11-21
CVE...

[20240201] - Core - Insufficient session expiration in MFA management views

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 3.2.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: Insufficient Session Expiration
Reported Date: 2023-11-29
Fixed...

[20240202] - Core - Open redirect in installation application

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 1.5.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: Open Redirect
Reported Date: 2023-11-08
Fixed Date:...

[20240203] - Core - XSS in media selection fields

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Probability: Moderate
Versions: 1.6.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: XSS
Reported Date: 2024-01-09
Fixed Date:...

[20240204] - Core - XSS in mail address outputs

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: High
Probability: High
Versions: 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: XSS
Reported Date: 2024-01-30
Fixed Date: 2024-02-20
CVE...

[20240205] - Core - Inadequate content filtering within the filter code

Project: Joomla! / Joomla! Framework
SubProject: CMS / filter
Impact: Moderate
Severity: Moderate
Probability: Moderate
Versions: 3.7.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2
Exploit type: XSS
Reported Date:...
