cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-27185,https://securityvulnerability.io/vulnerability/CVE-2024-27185,Cache Poisoning Vulnerability in Pagination,"The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.",Joomla,Joomla! Cms,,,0.0004299999854993075,false,false,false,false,,false,false,2024-08-20T16:03:58.015Z,0
CVE-2024-27186,https://securityvulnerability.io/vulnerability/CVE-2024-27186,XSS Vulnerabilities in Mail Template Feature of Unspecified Extensions,"The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.",Joomla,Joomla! Cms,,,0.0004299999854993075,false,false,false,false,,false,false,2024-08-20T16:03:56.863Z,0
CVE-2024-27184,https://securityvulnerability.io/vulnerability/CVE-2024-27184,Invalid URL Validation Could Lead to Security Vulnerabilities,Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not..,Joomla,Joomla! Cms,,,0.0006099999882280827,false,false,false,false,,false,false,2024-08-20T16:03:51.605Z,0
CVE-2024-40743,https://securityvulnerability.io/vulnerability/CVE-2024-40743,XSS Vulnerabilities in Image Processing Methods,"The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.",Joomla,Joomla! Cms,,,0.0004299999854993075,false,false,false,false,,false,false,2024-08-20T16:03:45.461Z,0
CVE-2024-27187,https://securityvulnerability.io/vulnerability/CVE-2024-27187,Backend Username Overwrite Vulnerability Discovered,Improper Access Controls allows backend users to overwrite their username when disallowed.,Joomla,Joomla! Cms,,,0.0004299999854993075,false,false,false,false,,false,false,2024-08-20T16:03:43.540Z,0
CVE-2024-21729,https://securityvulnerability.io/vulnerability/CVE-2024-21729,AccessiMedia Field Vulnerable to XSS Attacks Due to Inadequate Input Validation,Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.,Joomla,Joomla! Cms,6.1,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2024-07-09T16:15:51.461Z,0
CVE-2024-21730,https://securityvulnerability.io/vulnerability/CVE-2024-21730,FancySelect List Field Layout Vulnerable to Self-XSS Attacks,"The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.",Joomla,Joomla! Cms,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-07-09T16:15:49.888Z,0
CVE-2024-26279,https://securityvulnerability.io/vulnerability/CVE-2024-26279,Inadequate Content Filtering Leads to XSS Vulnerabilities,"The wrapper extensions do not correctly validate inputs, leading to XSS vectors.",Joomla,Joomla! Cms,6.1,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2024-07-09T16:15:48.485Z,0
CVE-2024-26278,https://securityvulnerability.io/vulnerability/CVE-2024-26278,Filter Flaw Exposes Custom Fields to Cross-Site Scripting Attacks,"The Custom Fields component not correctly filter inputs, leading to a XSS vector.",Joomla,Joomla! Cms,6.1,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2024-07-09T16:15:44.821Z,0
CVE-2024-21731,https://securityvulnerability.io/vulnerability/CVE-2024-21731,XSS Vector in StringHelper::truncate,Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.,Joomla,Joomla! Cms,6.1,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2024-07-09T16:15:43.351Z,0
CVE-2024-21722,https://securityvulnerability.io/vulnerability/CVE-2024-21722,MFA management system vulnerability: Sessions not properly terminated,The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.,Joomla,Joomla! Cms,,,0.0004299999854993075,false,false,false,false,,false,false,2024-02-29T01:44:00.000Z,0
CVE-2024-21726,https://securityvulnerability.io/vulnerability/CVE-2024-21726,Inadequate Content Filtering Leads to XSS Vulnerabilities,"The vulnerability in Joomla's core arises from insufficient content filtering mechanisms, which may allow attackers to exploit cross-site scripting (XSS) vulnerabilities across various components. This weakness can facilitate the injection of malicious scripts, compromising the integrity and safety of websites built on Joomla. Implementing robust security measures, including the latest patches and configuration best practices, is crucial for protecting against such exploits. Further information and mitigation strategies can be found in the provided resources.",Joomla,Joomla! Cms,,,0.0004299999854993075,false,true,false,false,,true,false,2024-02-29T01:44:00.000Z,6270
CVE-2024-21725,https://securityvulnerability.io/vulnerability/CVE-2024-21725,Inadequate Escaping of Mail Addresses Leads to XSS Vulnerabilities,Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components.,Joomla,Joomla! Cms,,,0.0004299999854993075,false,false,false,false,,false,false,2024-02-29T01:44:00.000Z,0
CVE-2024-21724,https://securityvulnerability.io/vulnerability/CVE-2024-21724,XSS Vulnerabilities in Media Selection Fields,Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.,Joomla,Joomla! Cms,,,0.0004299999854993075,false,false,false,false,,false,false,2024-02-29T01:44:00.000Z,0
CVE-2024-21723,https://securityvulnerability.io/vulnerability/CVE-2024-21723,Inadequate URL Parsing Could Lead to Open Redirect Vulnerabilities,Inadequate parsing of URLs could result into an open redirect.,Joomla,Joomla! Cms,,,0.0006099999882280827,false,false,false,false,,false,false,2024-02-29T01:44:00.000Z,0
CVE-2023-40626,https://securityvulnerability.io/vulnerability/CVE-2023-40626,[20231101] - Core - Exposure of environment variables,The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.,Joomla,Joomla! Cms,7.5,HIGH,0.0018400000408291817,false,false,false,true,true,false,false,2023-11-29T13:15:00.000Z,0
CVE-2023-23754,https://securityvulnerability.io/vulnerability/CVE-2023-23754,[20230501] - Core - Open Redirect and XSS within the mfa select,An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.,Joomla,Joomla! Cms,6.1,MEDIUM,0.0010900000343099236,false,false,false,false,,false,false,2023-05-30T17:15:00.000Z,0
CVE-2023-23755,https://securityvulnerability.io/vulnerability/CVE-2023-23755,[20230502] - Core - Bruteforce prevention within the mfa screen,An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.,Joomla,Joomla! Cms,7.5,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2023-05-30T17:15:00.000Z,0
CVE-2023-23752,https://securityvulnerability.io/vulnerability/CVE-2023-23752,Unauthorized Access to Webservice Endpoints in Joomla 4.0.0 through 4.2.7,An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.,Joomla,Joomla! Cms,5.3,MEDIUM,0.9360100030899048,true,true,false,true,true,false,false,2023-02-16T17:15:00.000Z,0
CVE-2023-23750,https://securityvulnerability.io/vulnerability/CVE-2023-23750,[20230101] - Core - CSRF within post-installation messages,An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.,Joomla,Joomla! Cms,6.3,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2023-02-01T22:15:00.000Z,0
CVE-2023-23751,https://securityvulnerability.io/vulnerability/CVE-2023-23751,[20230102] - Core - Missing ACL checks for com_actionlogs,An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.,Joomla,Joomla! Cms,4.3,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2023-02-01T22:15:00.000Z,0
CVE-2022-27914,https://securityvulnerability.io/vulnerability/CVE-2022-27914,[20221101] - Core - RXSS through reflection of user input in com_media,An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.,Joomla,Joomla! Cms,6.1,MEDIUM,0.0024999999441206455,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-27913,https://securityvulnerability.io/vulnerability/CVE-2022-27913,[20221002] - Core - RXSS through reflection of user input in headings,An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.,Joomla,Joomla! Cms,6.1,MEDIUM,0.0024999999441206455,false,false,false,false,,false,false,2022-10-25T00:00:00.000Z,0
CVE-2022-27912,https://securityvulnerability.io/vulnerability/CVE-2022-27912,[20221001] - Core - Debug Mode leaks full request payloads including passwords,An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.,Joomla,Joomla! Cms,5.3,MEDIUM,0.0012400000123307109,false,false,false,false,,false,false,2022-10-25T00:00:00.000Z,0
CVE-2022-27911,https://securityvulnerability.io/vulnerability/CVE-2022-27911,[20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check',An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.,Joomla,Joomla! Cms,5.3,MEDIUM,0.0012400000123307109,false,false,false,false,,false,false,2022-08-31T10:15:00.000Z,0