The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Core

threat alert CVE-2019-15028

Joomla Core: privilege escalation via Com_contact Mail Submission

Synthesis of the vulnerability

An attacker can bypass restrictions via Com_contact Mail Submission of Joomla Core, in order to escalate his privileges.
Severity: 2/4.
Creation date: 14/08/2019.
Identifiers: CERTFR-2019-AVI-386, CVE-2019-15028, VIGILANCE-VUL-30053.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Com_contact Mail Submission of Joomla Core, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2019-14654

Joomla Core: code execution via Subform Filter Attribute

Synthesis of the vulnerability

An attacker can use a vulnerability via Subform Filter Attribute of Joomla Core, in order to run code.
Severity: 2/4.
Creation date: 10/07/2019.
Identifiers: CERTFR-2019-AVI-314, CVE-2019-14654, VIGILANCE-VUL-29735.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via Subform Filter Attribute of Joomla Core, in order to run code.
Full Vigil@nce bulletin... (Free trial)

security weakness CVE-2019-12764 CVE-2019-12765 CVE-2019-12766

Joomla Core: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/06/2019.
Identifiers: CERTFR-2019-AVI-266, CVE-2019-12764, CVE-2019-12765, CVE-2019-12766, VIGILANCE-VUL-29504.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2019-11809

Joomla Core: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Core, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 09/05/2019.
Identifiers: CERTFR-2019-AVI-198, CVE-2019-11809, VIGILANCE-VUL-29260.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Core, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2019-9711 CVE-2019-9712 CVE-2019-9713

Joomla Core: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/03/2019.
Identifiers: CERTFR-2019-AVI-097, CVE-2019-9711, CVE-2019-9712, CVE-2019-9713, CVE-2019-9714, VIGILANCE-VUL-28739.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

weakness alert CVE-2019-7739 CVE-2019-7740 CVE-2019-7741

Joomla Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 13/02/2019.
Identifiers: CERTFR-2019-AVI-054, CVE-2019-7739, CVE-2019-7740, CVE-2019-7741, CVE-2019-7742, CVE-2019-7743, CVE-2019-7744, VIGILANCE-VUL-28499.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2019-6261 CVE-2019-6262 CVE-2019-6263

Joomla Core: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/01/2019.
Identifiers: CERTFR-2019-AVI-020, CVE-2019-6261, CVE-2019-6262, CVE-2019-6263, CVE-2019-6264, VIGILANCE-VUL-28282.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-17855 CVE-2018-17856 CVE-2018-17857

Joomla Core: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 09/10/2018.
Identifiers: CERTFR-2018-AVI-479, CVE-2018-17855, CVE-2018-17856, CVE-2018-17857, CVE-2018-17858, CVE-2018-17859, VIGILANCE-VUL-27446.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2018-15880 CVE-2018-15881 CVE-2018-15882

Joomla Core: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/08/2018.
Identifiers: CERTFR-2018-AVI-412, CVE-2018-15880, CVE-2018-15881, CVE-2018-15882, VIGILANCE-VUL-27102.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

weakness note CVE-2018-12711

Joomla Core: Cross Site Scripting via Language Switcher

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Language Switcher of Joomla Core, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 26/06/2018.
Identifiers: CERTFR-2018-AVI-307, CVE-2018-12711, VIGILANCE-VUL-26541.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Core extension can be installed on Joomla.

However, it does not filter received data via Language Switcher before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Language Switcher of Joomla Core, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Joomla Core: