Joomla: >> Joomla! >> 3.10.4 Security Vulnerabilities
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-02-29
Inadequate parsing of URLs could result into an open redirect.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-02-29
Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-02-29
Inadequate content filtering leads to XSS vulnerabilities in various components.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-02-29
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-11-29
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-03-30
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-03-30
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-03-30
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-03-30
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-03-30