Joomla : Security Vulnerabilities (XSS)
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new MFA selection screen.
Max Base Score | 6.1 |
Published | 2023-05-30 |
Updated | 2023-06-06 |
EPSS | 0.06% |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
Max Base Score | 6.1 |
Published | 2022-11-08 |
Updated | 2022-11-09 |
EPSS | 0.06% |
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
Max Base Score | 6.1 |
Published | 2022-10-25 |
Updated | 2022-10-27 |
EPSS | 0.09% |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media.
Max Base Score | 6.1 |
Published | 2022-03-30 |
Updated | 2022-04-05 |
EPSS | 0.24% |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
Max Base Score | 6.1 |
Published | 2022-03-30 |
Updated | 2022-04-05 |
EPSS | 0.24% |
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
Max Base Score | 6.1 |
Published | 2022-03-30 |
Updated | 2022-04-05 |
EPSS | 0.18% |
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability.
Max Base Score | 6.1 |
Published | 2021-07-07 |
Updated | 2021-07-07 |
EPSS | 0.25% |
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to an XSS vulnerability.
Max Base Score | 6.1 |
Published | 2021-07-07 |
Updated | 2021-07-07 |
EPSS | 0.25% |
An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
Max Base Score | 6.1 |
Published | 2021-05-26 |
Updated | 2021-05-28 |
EPSS | 0.25% |
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on the error page.
Max Base Score | 6.1 |
Published | 2021-04-14 |
Updated | 2021-04-22 |
EPSS | 0.25% |
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to XSS issues.
Max Base Score | 6.1 |
Published | 2021-03-04 |
Updated | 2021-03-05 |
EPSS | 0.21% |
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages shown to users could lead to XSS issues.
Max Base Score | 6.1 |
Published | 2021-03-04 |
Updated | 2021-03-05 |
EPSS | 0.21% |
An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors.
Max Base Score | 6.1 |
Published | 2021-01-12 |
Updated | 2021-01-15 |
EPSS | 0.13% |
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
Max Base Score | 6.1 |
Published | 2021-01-12 |
Updated | 2021-01-19 |
EPSS | 0.13% |
An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.
Max Base Score | 6.1 |
Published | 2020-08-26 |
Updated | 2020-08-28 |
EPSS | 0.10% |
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.
Max Base Score | 6.1 |
Published | 2020-07-15 |
Updated | 2020-07-15 |
EPSS | 0.10% |
In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.
Max Base Score | 6.1 |
Published | 2020-06-02 |
Updated | 2020-06-03 |
EPSS | 0.10% |
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.
Max Base Score | 6.1 |
Published | 2020-06-02 |
Updated | 2020-10-19 |
EPSS | 0.10% |
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.
Max Base Score | 6.1 |
Published | 2020-03-16 |
Updated | 2020-03-18 |
EPSS | 0.10% |
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
Max Base Score | 6.1 |
Published | 2020-01-28 |
Updated | 2020-02-06 |
EPSS | 0.10% |
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Max Base Score | 6.1 |
Published | 2019-09-24 |
Updated | 2019-09-25 |
EPSS | 0.10% |
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
Max Base Score | 6.1 |
Published | 2019-06-11 |
Updated | 2023-01-30 |
EPSS | 0.14% |
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
Max Base Score | 6.1 |
Published | 2019-05-20 |
Updated | 2019-05-20 |
EPSS | 0.10% |
An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS.
Max Base Score | 6.1 |
Published | 2019-03-12 |
Updated | 2019-03-15 |
EPSS | 0.14% |
An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS.
Max Base Score | 6.1 |
Published | 2019-03-12 |
Updated | 2019-03-15 |
EPSS | 0.14% |