Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0-3.9.22
Exploit type: Information Disclosure
Reported Date: 2020-09-23
Fixed Date: 2020-11-24
CVE Number: CVE-2020-xxx (TBA)
Description
The globlal configuration page doe…
[20201102] – Core – Disclosure of secrets in Global Configuration page Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0-3.9.22
Exploit type: Information Disclosure
Reported Date: 2020-06-21
Fixed Date: 2020-11-24
CVE Number: CVE-2020-xxx (TBA)
Description
The autosuggestion feature of com_…
[20201101] – Core – com_finder ignores access levels on autosuggest Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0-3.9.20
Exploit type: Directory Traversal
Reported Date: 2020-February-02
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24597
Description
Lack of input validation allows com_…
[20200803] – Core – Directory traversal in com_media Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.20
Exploit type: Open Redirect
Reported Date: 2020-July-05
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24598
Description
Lack of input validation in com_content leads …
[20200802] – Core – Open redirect in com_content vote feature Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.9.0-3.9.20
Exploit type: XSS
Reported Date: 2020-August-21
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24599
Description
Lack of escaping in mod_latestactions allows XSS …
[20200801] – Core – XSS in mod_latestactions Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.19
Exploit type: Information Disclosure
Reported Date: 2020-Jun-17
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15698
Description
Inadequate filtering in the system infor…
[20200706] – Core – System Information screen could expose redis or proxy credentials Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.19
Exploit type: XSS
Reported Date: 2020-Jun-08
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15696
Description
Lack of input filtering and escaping allows XSS attacks in …
[20200705] – Core – Escape mod_random_image link Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.19
Exploit type: Incorrect Access Control
Reported Date: 2020-Jun-02
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15697
Description
Internal read-only fields in the User …
[20200704] – Core – Variable tampering via user table class Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.9.0-3.9.19
Exploit type: CSRF
Reported Date: 2020-May-07
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15695
Description
A missing token check in the remove request section of com…
[20200703] – Core – CSRF in com_privacy remove-request feature Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0-3.9.19
Exploit type: Incorrect Access Control
Reported Date: 2020-April-04
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15699
Description
Missing validation checks at th…
[20200702] – Core – Missing checks can lead to a broken usergroups table record Read More »
