joomla/joomla-cms
Packagist
8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting joomla/joomla-cms
- CVE-2010-1649 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.5.18 | 2010-06-08
Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the se…
- CVE-2011-2509 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.6.4 | 2011-07-27
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to ind…
- CVE-2011-4332 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.6.4 | 2011-11-23
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-5583 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 3.1.6 | 2013-12-29
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
- CVE-2018-11326 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 3.8.8 | 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to…
- CVE-2019-16725 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 3.9.12 | 2019-09-24
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
- CVE-2019-7743 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.9.3 | 2019-02-12
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler …
- CVE-2025-25227 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.2.6 | 2025-04-08
Insufficient state checks lead to a vector that allows bypassing 2FA checks.