The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Core

vulnerability CVE-2019-11809

Joomla Core: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Core, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 09/05/2019.
Identifiers: CERTFR-2019-AVI-198, CVE-2019-11809, VIGILANCE-VUL-29260.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Core, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2019-9711 CVE-2019-9712 CVE-2019-9713

Joomla Core: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/03/2019.
Identifiers: CERTFR-2019-AVI-097, CVE-2019-9711, CVE-2019-9712, CVE-2019-9713, CVE-2019-9714, VIGILANCE-VUL-28739.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2019-7739 CVE-2019-7740 CVE-2019-7741

Joomla Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 13/02/2019.
Identifiers: CERTFR-2019-AVI-054, CVE-2019-7739, CVE-2019-7740, CVE-2019-7741, CVE-2019-7742, CVE-2019-7743, CVE-2019-7744, VIGILANCE-VUL-28499.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2019-6261 CVE-2019-6262 CVE-2019-6263

Joomla Core: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/01/2019.
Identifiers: CERTFR-2019-AVI-020, CVE-2019-6261, CVE-2019-6262, CVE-2019-6263, CVE-2019-6264, VIGILANCE-VUL-28282.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-17855 CVE-2018-17856 CVE-2018-17857

Joomla Core: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 09/10/2018.
Identifiers: CERTFR-2018-AVI-479, CVE-2018-17855, CVE-2018-17856, CVE-2018-17857, CVE-2018-17858, CVE-2018-17859, VIGILANCE-VUL-27446.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-15880 CVE-2018-15881 CVE-2018-15882

Joomla Core: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/08/2018.
Identifiers: CERTFR-2018-AVI-412, CVE-2018-15880, CVE-2018-15881, CVE-2018-15882, VIGILANCE-VUL-27102.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-12711

Joomla Core: Cross Site Scripting via Language Switcher

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Language Switcher of Joomla Core, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 26/06/2018.
Identifiers: CERTFR-2018-AVI-307, CVE-2018-12711, VIGILANCE-VUL-26541.

Description of the vulnerability

The Core extension can be installed on Joomla.

However, it does not filter received data via Language Switcher before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Language Switcher of Joomla Core, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-12712

Joomla Core: file reading via PHP Autoload

Synthesis of the vulnerability

A local attacker can read a file via PHP Autoload of Joomla Core, in order to obtain sensitive information.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/06/2018.
Identifiers: CERTFR-2018-AVI-307, CVE-2018-12712, VIGILANCE-VUL-26540.

Description of the vulnerability

A local attacker can read a file via PHP Autoload of Joomla Core, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-11321 CVE-2018-11322 CVE-2018-11323

Joomla Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 22/05/2018.
Identifiers: CERTFR-2018-AVI-249, CVE-2018-11321, CVE-2018-11322, CVE-2018-11323, CVE-2018-11324, CVE-2018-11325, CVE-2018-11326, CVE-2018-11327, CVE-2018-11328, CVE-2018-6378, VIGILANCE-VUL-26196.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-8045

Joomla Core: SQL injection via User Notes List

Synthesis of the vulnerability

An attacker can use a SQL injection via User Notes List of Joomla Core, in order to read or alter data.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 13/03/2018.
Identifiers: CERTFR-2018-AVI-125, CVE-2018-8045, VIGILANCE-VUL-25536.

Description of the vulnerability

An attacker can use a SQL injection via User Notes List of Joomla Core, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Joomla Core: