Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.
Max CVSS: 6.8; EPSS Score: 0.31%; Published: 2008-01-04; Updated: 2018-10-15
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS: 6.8; EPSS Score: 0.21%; Published: 2009-04-09; Updated: 2017-08-17
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
Max CVSS: 6.8; EPSS Score: 0.21%; Published: 2015-07-14; Updated: 2016-12-07
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS: 6.8; EPSS Score: 0.09%; Published: 2015-12-16; Updated: 2015-12-17
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
Max CVSS: 6.1; EPSS Score: 0.57%; Published: 2017-07-17; Updated: 2017-07-21
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.
Max CVSS: 8.8; EPSS Score: 2.43%; Published: 2018-10-09; Updated: 2018-11-26
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
Max CVSS: 8.8; EPSS Score: 0.07%; Published: 2019-11-06; Updated: 2019-11-06
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
Max CVSS: 8.8; EPSS Score: 0.07%; Published: 2020-01-28; Updated: 2020-02-06
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
Max CVSS: 8.8; EPSS Score: 0.07%; Published: 2020-01-28; Updated: 2020-02-07
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
Max CVSS: 8.8; EPSS Score: 0.07%; Published: 2020-03-16; Updated: 2020-03-18
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
Max CVSS: 8.8; EPSS Score: 0.07%; Published: 2020-06-02; Updated: 2020-10-19
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
Max CVSS: 6.8; EPSS Score: 0.05%; Published: 2020-07-15; Updated: 2020-07-15
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
Max CVSS: 6.8; EPSS Score: 0.05%; Published: 2020-07-15; Updated: 2020-07-15
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
Max CVSS: 6.8; EPSS Score: 0.05%; Published: 2020-12-28; Updated: 2020-12-30
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.
Max CVSS: 6.5; EPSS Score: 0.05%; Published: 2021-05-26; Updated: 2021-05-28
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
Max CVSS: 6.5; EPSS Score: 0.05%; Published: 2021-05-26; Updated: 2021-05-28
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
Max CVSS: 6.3; EPSS Score: 0.06%; Published: 2023-02-01; Updated: 2023-02-08
17 vulnerabilities found