Project: Joomla!
SubProject: CMS
Impact: Low
Severity: High
Versions: 3.2.0 through 3.9.4
Exploit type: ACL Violation
Reported Date: 2019-March-13
Fixed Date: 2019-April-08
CVE Number: CVE-2019-10946
Description
The “refresh list of helpsites” endpoi…
[20190402] – Core – Helpsites refresh endpoint callable for unauthenticated users Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.5.0 through 3.9.4
Exploit type: Directory Traversal
Reported Date: 2019-March-13
Fixed Date: 2019-April-08
CVE Number: CVE-2019-10945
Description
The Media Manager component …
[20190401] – Core – Directory Traversal in com_media Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Versions: 3.0.0 through 3.9.4
Exploit type: XSS
Reported Date: 2019-March-25
Fixed Date: 2019-April-09
CVE Number: TBA
Description
The $.extend method of JQuery is vulnerable to Object.p…
[20190403] – Core – Object.prototype pollution in JQuery $.extend Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.2.0 through 3.9.3
Exploit type: XSS
Reported Date: 2019-March-04
Fixed Date: 2019-March-12
CVE Number: CVE-2019-9712
Description
The JSON handler in com_config lacks input validat…
[20190301] – Core – XSS in com_config JSON handler Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0 through 3.9.3
Exploit type: XSS
Reported Date: 2019-February-25
Fixed Date: 2019-March-12
CVE Number: CVE-2019-9711
Description
The item_title layout in edit views lacks escap…
[20190302] – Core – XSS in item_title layout Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: High
Versions: 3.8.0 through 3.9.3
Exploit type: XSS
Reported Date: 2019-February-28
Fixed Date: 2019-March-12
CVE Number: CVE-2019-9713
Description
The sample data plugins lack ACL checks, …
[20190304] – Core – Missing ACL check in sample data plugins Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0 through 3.9.3
Exploit type: XSS
Reported Date: 2019-February-25
Fixed Date: 2019-March-12
CVE Number: CVE-2019-9714
Description
The media form field lacks escaping, leading to…
[20190303] – Core – XSS in media form field Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0 through 3.9.2
Exploit type: Object Injection
Reported Date: 2019-January-18
Fixed Date: 2019-February-12
CVE Number: CVE-2019-7743
Description
The phar:// stream wrapper can b…
[20190206] – Core – Implement the TYPO3 PHAR stream wrapper Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0 through 3.9.2
Exploit type: XSS
Reported Date: 2018-October-07
Fixed Date: 2019-February-12
CVE Number: CVE-2019-7740
Description
Inadequate parameter handling in JS code coul…
[20190205] – Core – XSS Issue in core.js writeDynaList Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0 through 3.9.2
Exploit type: XSS
Reported Date: 2019-January-16
Fixed Date: 2019-February-12
CVE Number: CVE-2019-7741
Description
Inadequate checks at the Global Configuration…
[20190204] – Core – Stored XSS issue in the Global Configuration help url #2 Read More »
