Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Joomla! Project — Vulnerabilities & Security Advisories 82

Browse all 82 CVE security advisories affecting Joomla! Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Joomla! Project develops an open-source content management system widely used for building websites and online applications. Historically, its codebase has been associated with numerous security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from insufficient input validation and improper access controls within extensions or core components. With eighty-two recorded CVEs, the project demonstrates a pattern of recurring weaknesses that require diligent patching. While the core framework itself has seen improvements, the extensive ecosystem of third-party extensions frequently introduces additional attack surfaces. Major incidents have highlighted the critical importance of timely updates and secure configuration practices. Administrators must prioritize vulnerability management to mitigate risks, as the platform’s popularity makes it a frequent target for automated exploitation attempts seeking to compromise underlying server infrastructure.

Top products by Joomla! Project: Joomla! CMS Joomla! Framework
CVE IDTitleCVSSSeverityPublished
CVE-2021-26031 [20210402] - Core - Inadequate filters on module layout settings — Joomla! CMS 5.3 -2021-04-14
CVE-2021-26030 [20210401] - Core - Escape xss in logo parameter error pages — Joomla! CMS 6.1 -2021-04-14
CVE-2021-26029 [20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field — Joomla! CMS 5.3 -2021-03-04
CVE-2021-26028 [20210308] - Core - Path Traversal within joomla/archive zip class — Joomla! CMS 5.5 -2021-03-04
CVE-2021-26027 [20210307] - Core - ACL violation within com_content frontend editing — Joomla! CMS 5.3 -2021-03-04
CVE-2021-23132 [20210306] - Core - com_media allowed paths that are not intended for image uploads — Joomla! CMS 7.5 -2021-03-04
CVE-2021-23131 [20210305] - Core - Input validation within the template manager — Joomla! CMS 9.1 -2021-03-04
CVE-2021-23130 [20210304] - Core - XSS within the feed parser library — Joomla! CMS 6.1 -2021-03-04
CVE-2021-23129 [20210303] - Core - XSS within alert messages showed to users — Joomla! CMS 6.1 -2021-03-04
CVE-2021-23127 [20210301] - Core - Insecure randomness within 2FA secret generation — Joomla! CMS 9.1 -2021-03-04
CVE-2021-23126 [20210301] - Core - Insecure randomness within 2FA secret generation — Joomla! CMS 5.3 -2021-03-04
CVE-2021-23128 [20210302] - Core - Potential Insecure FOFEncryptRandval — Joomla! CMS 9.1 -2021-03-04
CVE-2021-23125 [20210103] - Core - XSS in com_tags image parameters — Joomla! CMS 6.1 -2021-01-12
CVE-2021-23124 [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute — Joomla! CMS 6.1 -2021-01-12
CVE-2021-23123 [20210101] - Core - com_modules exposes module names — Joomla! CMS 5.3 -2021-01-12
CVE-2020-35616 [20201107] - Core - Write ACL violation in multiple core views — Joomla! CMS 7.5 -2020-12-28
CVE-2020-35615 [20201106] - Core - CSRF in com_privacy emailexport feature — Joomla! CMS 8.8 -2020-12-28
CVE-2020-35610 [20201101] - Core - com_finder ignores access levels on autosuggest — Joomla! CMS 7.5 -2020-12-28
CVE-2020-35614 [20201105] - Core - User Enumeration in backend login — Joomla! CMS 5.3 -2020-12-28
CVE-2020-35613 [20201104] - Core - SQL injection in com_users list view — Joomla! CMS 9.8 -2020-12-28
CVE-2020-35612 [20201103] - Core - Path traversal in mod_random_image — Joomla! CMS 7.5 -2020-12-28
CVE-2020-35611 [20201102] - Core - Disclosure of secrets in Global Configuration page — Joomla! CMS 8.6 -2020-12-28

This page lists every published CVE security advisory associated with Joomla! Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.