Max CVSS | 6.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-11325 | 5.0 |
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator a
|
03-10-2019 - 00:03 | 22-05-2018 - 15:29 | |
CVE-2018-11323 | 6.5 |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
|
03-10-2019 - 00:03 | 22-05-2018 - 15:29 | |
CVE-2018-6378 | 4.3 |
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
|
22-06-2018 - 17:21 | 22-05-2018 - 15:29 | |
CVE-2018-11328 | 2.6 |
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could
|
22-06-2018 - 16:17 | 22-05-2018 - 15:29 | |
CVE-2018-11327 | 4.0 |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.
|
22-06-2018 - 16:16 | 22-05-2018 - 15:29 | |
CVE-2018-11326 | 3.5 |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a
|
22-06-2018 - 16:16 | 22-05-2018 - 15:29 | |
CVE-2018-11324 | 4.3 |
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
|
22-06-2018 - 16:13 | 22-05-2018 - 15:29 | |
CVE-2018-11322 | 6.0 |
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
|
22-06-2018 - 16:11 | 22-05-2018 - 15:29 | |
CVE-2018-11321 | 4.0 |
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
|
22-06-2018 - 16:08 | 22-05-2018 - 15:29 |