Page 2 of 804 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. • https://developer.joomla.org/security-centre/899-20230501-core-open-redirects-and-xss-within-the-mfa-selection.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. • https://developer.joomla.org/security-centre/900-20230502-core-bruteforce-prevention-within-the-mfa-screen.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 5.3EPSS: 94%CPEs: 1EXPL: 45

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. Joomla! versions prior to 4.2.8 suffer from an unauthenticated information disclosure vulnerability. • https://www.exploit-db.com/exploits/51334 https://github.com/Acceis/exploit-CVE-2023-23752 https://github.com/ThatNotEasy/CVE-2023-23752 https://github.com/gibran-abdillah/CVE-2023-23752 https://github.com/K3ysTr0K3R/CVE-2023-23752-EXPLOIT https://github.com/Fernando-olv/Joomla-CVE-2023-23752 https://github.com/Ly0kha/Joomla-CVE-2023-23752-Exploit-Script https://github.com/Rival420/CVE-2023-23752 https://github.com/shellvik/CVE-2023-23752 https://github.com/AlissonFaoli/CVE&# • CWE-284: Improper Access Control •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. • https://developer.joomla.org/security-centre/891-20230102-core-missing-acl-checks-for-com-actionlogs.html • CWE-863: Incorrect Authorization •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. • https://developer.joomla.org/security-centre/890-20230101-core-csrf-within-post-installation-messages.html • CWE-352: Cross-Site Request Forgery (CSRF) •