Joomla\! CVE Vulnerabilities

Lack of input filtering leads to an XSS vector in the HTML filter code.

An improper access check allows privelege escalation through the com_users group editing webservice endpoint.

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.

The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.

An improper access check allows privilege escalation through the com_users batch task.

An improper access check allows privilege escalation through the com_users batch task.

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.

An improper validation of user-supplied input leads to a local file inclusion vulnerability.

An improper access check allows unauthorized access to com_config webservice endpoints.

Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.

Lack of output escaping leads to a XSS vector in the readmore links for com_content.

Lack of output escaping leads to a XSS vector in the content history component.

Lack of output escaping leads to a XSS vector in the multilingual associations component.

Lack of output escaping leads to a XSS vector in the feed modules.