Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.7.0-3.9.19
Exploit type: CSRF
Reported Date: 2020-May-07
Fixed Date: 2020-July-14
CVE Number: CVE-2020-XXXXX
Description
A missing token check in the ajax_install endpoint com_ins…
[20200701] – Core – CSRF in com_installer ajax_install endpoint Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Versions: 3.0.0-3.9.18
Exploit type: XSS
Reported Date: 2020-April-10
Fixed Date: 2020-June-02
CVE Number: CVE-2020-11022 and CVE-2020-11023
Description
The jQuery project released versi…
[20200604] – Core – XSS in jQuery.htmlPrefilter Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.7.0-3.9.18
Exploit type: XSS
Reported Date: 2020-May-08
Fixed Date: 2020-June-02
CVE Number: CVE-2020-xxx
Description
Missing token checks in com_postinstall cause CSRF vulnerabil…
[20200605] – Core – CSRF in com_postinstall Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0-3.9.18
Exploit type: XSS
Reported Date: 2020-May-06
Fixed Date: 2020-June-02
CVE Number: CVE-2020-XXX
Description
Incorrect input validation of the module tag option in c…
[20200603] – Core – XSS in com_modules tag options Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0-3.9.18
Exploit type: Insecure Permissions
Reported Date: 2020-April-23
Fixed Date: 2020-June-02
CVE Number: CVE-2020-XXX
Description
The default settings of the global “textfi…
[20200602] – Core – Inconsistent default textfilter settings Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0-3.9.18
Exploit type: XSS
Reported Date: 2020-May-06
Fixed Date: 2020-June-02
CVE Number: CVE-2020-XXX
Description
Lack of input validation in the heading tag option of th…
[20200601] – Core – XSS in modules heading tag option Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0 – 3.9.16
Exploit type: Incorrect Access Control
Reported Date: 2020-March-13
Fixed Date: 2020-April-21
CVE Number: CVE-2020-11889
Description
Incorrect ACL checks in the …
[20200403] – Core – Incorrect access control in com_users access level deletion function Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0 – 3.9.16
Exploit type: Incorrect Access Control
Reported Date: 2020-February-27
Fixed Date: 2020-April-21
CVE Number: CVE-2020-11890
Description
Inproper input validation…
[20200402] – Core – Missing checks for the root usergroup in usergroup table Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.8.8 – 3.9.16
Exploit type: Incorrect Access Control
Reported Date: 2020-March-13
Fixed Date: 2020-April-21
CVE Number: CVE-2020-11891
Description
Incorrect ACL checks in the acces…
[20200401] – Core – Incorrect access control in com_users access level editing function Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 1.7.0-3.9.15
Exploit type: SQL Injection
Reported Date: 2020-March-9
Fixed Date: 2020-March-10
CVE Number: CVE-2020-10243
Description
The lack of type casting of a variable in SQL …
[20200306] – Core – SQL injection in Featured Articles menu parameters Read More »
