Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.2.0 – 3.9.24
Exploit type: Insecure Randomness
Reported Date: 2021-01-12
Fixed Date: 2021-03-02
CVE Number: CVE-2021-23126, CVE-2021-23127
Description
Usage of the insecure rand()…
[20210301] – Core – Insecure randomness within 2FA secret generation Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions:3.1.0 – 3.9.23
Exploit type: XSS
Reported Date: 2020-09-01
Fixed Date: 2021-01-12
CVE Number: CVE-2021-23125
Description
Lack of escaping of image-related parameters in multiple…
[20210103] – Core – XSS in com_tags image parameters Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions:3.9.0 – 3.9.23
Exploit type: XSS
Reported Date: 2020-09-01
Fixed Date: 2021-01-12
CVE Number: CVE-2021-23124
Description
Lack of escaping in mod_breadcrumbs aria-label attribute…
[20210102] – Core – XSS in mod_breadcrumbs aria-label attribute Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions:3.0.0 – 3.9.23
Exploit type: Incorrect Access Control
Reported Date: 2020-07-07
Fixed Date: 2021-01-12
CVE Number: CVE-2021-23123
Description
Lack of ACL checks in the orderPosition …
[20210101] – Core – com_modules exposes module names Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions:1.7.0 – 3.9.22
Exploit type: ACL Violation
Reported Date: 2018-11-04
Fixed Date: 2020-11-24
CVE Number: CVE-2020-xxx (TBA)
Description
Lack of input validation while handling ACL ru…
[20201107] – Core – Write ACL violation in multiple core views Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions:1.7.0 – 3.9.22
Exploit type: ACL Violation
Reported Date: 2018-11-04
Fixed Date: 2020-11-24
CVE Number: CVE-2020-xxx (TBA)
Description
Lack of input validation while handling ACL ru…
[20201107] – Core – Write ACL violation in multiple core views Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.9.0-3.9.22
Exploit type: CSRF
Reported Date: 2020-10-08
Fixed Date: 2020-11-24
CVE Number: CVE-2020-xxx (TBA)
Description
A missing token check in the emailexport feature of com_p…
[20201106] – Core – CSRF in com_privacy emailexport feature Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.9.0-3.9.22
Exploit type: User Enumeration
Reported Date: 2020-08-15
Fixed Date: 2020-11-24
CVE Number: CVE-2020-xxx (TBA)
Description
Improper handling of the username leads to a …
[20201105] – Core – User Enumeration in backend login Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.0.0-3.9.22
Exploit type: SQL Injection
Reported Date: 2020-10-13
Fixed Date: 2020-11-24
CVE Number: CVE-2020-xxx (TBA)
Description
Improper filter blacklist configuration leads t…
[20201104] – Core – SQL injection in com_users list view Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0-3.9.22
Exploit type: Path traversal
Reported Date: 2020-10-06
Fixed Date: 2020-11-24
CVE Number: CVE-2020-xxx (TBA)
Description
The folder parameter of mod_random_image l…
[20201103] – Core – Path traversal in mod_random_image Read More »
