An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla fronted integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL to a base64 malicious URL.
Source: Joomla! Project
Max CVSS
N/A
EPSS Score
0.06%
Published
2024-02-15
Updated
2024-02-16
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.
Source: Joomla! Project
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-11-29
Updated
2023-12-05
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
Source: Joomla! Project
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-05-30
Updated
2023-06-06
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.
Source: Joomla! Project
Max CVSS
6.1
EPSS Score
0.13%
Published
2023-05-30
Updated
2023-06-06

CVE-2023-23752

Known exploited
Public exploit
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Source: Joomla! Project
Max CVSS
5.3
EPSS Score
93.21%
Published
2023-02-16
Updated
2024-01-09
CISA KEV Added
2024-01-08
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
Source: Joomla! Project
Max CVSS
4.3
EPSS Score
0.07%
Published
2023-02-01
Updated
2023-02-09
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
Source: Joomla! Project
Max CVSS
6.3
EPSS Score
0.06%
Published
2023-02-01
Updated
2023-02-08
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
Source: Joomla! Project
Max CVSS
6.1
EPSS Score
0.24%
Published
2022-11-08
Updated
2023-12-02
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
Source: Joomla! Project
Max CVSS
6.1
EPSS Score
0.25%
Published
2022-10-25
Updated
2023-12-02
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
Source: Joomla! Project
Max CVSS
5.3
EPSS Score
0.12%
Published
2022-10-25
Updated
2023-12-02
An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.
Source: Joomla! Project
Max CVSS
5.3
EPSS Score
0.12%
Published
2022-08-31
Updated
2022-09-05
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media.
Source: Joomla! Project
Max CVSS
6.1
EPSS Score
0.25%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
Source: Joomla! Project
Max CVSS
6.1
EPSS Score
0.25%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
Source: Joomla! Project
Max CVSS
9.8
EPSS Score
0.20%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.
Source: Joomla! Project
Max CVSS
6.1
EPSS Score
0.12%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.
Source: Joomla! Project
Max CVSS
9.8
EPSS Score
0.14%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
Source: Joomla! Project
Max CVSS
6.1
EPSS Score
0.19%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
Source: Joomla! Project
Max CVSS
9.8
EPSS Score
0.20%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
Source: Joomla! Project
Max CVSS
5.3
EPSS Score
0.12%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
Source: Joomla! Project
Max CVSS
7.5
EPSS Score
0.20%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.
Source: Joomla! Project
Max CVSS
9.1
EPSS Score
0.10%
Published
2021-08-24
Updated
2021-08-31
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.
Source: Joomla! Project
Max CVSS
6.1
EPSS Score
0.10%
Published
2021-07-07
Updated
2021-07-07
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already.
Source: Joomla! Project
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-07-07
Updated
2021-07-09
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked.
Source: Joomla! Project
Max CVSS
5.3
EPSS Score
0.08%
Published
2021-07-07
Updated
2021-07-09
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
Source: Joomla! Project
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-07-07
Updated
2021-07-09
255 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!