Joomla: >> Joomla! >> 4.1.2 Security Vulnerabilities
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-04-01
Lack of output escaping for article titles leads to XSS vectors in various locations.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-04-01
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.
CVSS Score
8.6
EPSS Score
0.0
Published
2026-04-01
An improper access check allows unauthorized access to webservice endpoints.
CVSS Score
8.6
EPSS Score
0.0
Published
2026-04-01
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-04-01
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-04-01
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-01-06
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-01-06
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-04-08
Various module chromes didn't properly process inputs, leading to XSS vectors.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-01-07
Page 1