Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Joomla Number Of NVD 273 CRITICAL 32 HIGH 70 MEDIUM 169 LOW 2
URL https://www.joomla.org/
Explanation Joomla is an open source Content Management System (CMS).

Each major version is supported for at least four years.

Basically, it is recommended to use the latest version.
Tag
  • GPL v2
  • PHP
  • オープンソース
Add Information URL
No Type Name URL
1 https://downloads.joomla.org/
2 https://www.joomla.org/announcements/release-news/
3 https://docs.joomla.org/Joomla!_CMS_versions
4 http://feeds.joomla.org/JoomlaSecurityNews
5 http://www.joomla.jp/
6 https://developer.joomla.org/roadmap.html
7 https://docs.joomla.org/Release_and_support_cycle
8 https://github.com/joomla
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
221 Joomla 5.1 5.1.4 Aug. 27, 2024 April 16, 2024 5 7 11 0
222 Joomla 5.0 5.0.3 July 9, 2024 Oct. 17, 2023 April 16, 2024 5 8 11 0
223 Joomla 4.4 4.4.13 April 8, 2025 Oct. 17, 2023 Oct. 17, 2025 5 8 11 0
224 Joomla 4.3 4.3.4 Aug. 22, 2023 April 18, 2023 Oct. 17, 2023 5 9 12 0
225 Joomla 4.2 4.4.6 July 9, 2024 Aug. 16, 2022 April 18, 2023 5 9 19 0
226 Joomla 4.1 4.1.5 June 21, 2022 Feb. 15, 2022 Aug. 16, 2022 8 9 21 0
227 Joomla 4.0 4.0.6 Jan. 18, 2022 Aug. 17, 2021 Feb. 15, 2022 9 9 21 0
228 Joomla 3.10 3.10.11 Aug. 16, 2022 Aug. 17, 2021 Aug. 17, 2023 6 6 12 0
229 Joomla 3.9 3.9.28 July 6, 2021 Oct. 30, 2018 Aug. 17, 2023 15 25 67 0
230 Joomla 3.8 3.8.13 Oct. 9, 2018 Sept. 19, 2017 Oct. 30, 2018 17 32 75 0
231 Joomla 3.7 3.7.5 Aug. 17, 2017 April 25, 2017 Sept. 19, 2017 19 33 74 1
232 Joomla 3.6 3.6.5 Dec. 13, 2016 July 12, 2016 April 25, 2017 23 34 78 0
233 Joomla 3.5 3.5.1 April 5, 2016 March 21, 2016 July 12, 2016 23 34 76 0
234 Joomla 3.4 3.4.8 Dec. 24, 2015 Feb. 24, 2015 March 21, 2016 23 40 82 0
235 Joomla 3.3 3.3.4 Sept. 23, 2014 April 20, 2014 Feb. 24, 2015 22 41 82 0
236 Joomla 3.2 3.2.1 Dec. 18, 2014 Nov. 6, 2013 Oct. 31, 2014 22 43 84 0
237 Joomla 3.1 3.1.6 Nov. 6, 2013 April 24, 2013 Dec. 31, 2013 18 34 75 0
238 Joomla 3.0 3.0.3 Feb. 4, 2013 Sept. 27, 2012 May 31, 2013 18 34 80 0
239 Joomla 2.5 2.5.28 Dec. 10, 2014 Jan. 24, 2012 Dec. 31, 2014 13 30 58 0
240 Joomla 1.7 1.7.5 Feb. 2, 2012 July 19, 2011 Feb. 29, 2012 10 17 29 0
241 Joomla 1.6 1.6.6 July 26, 2011 Jan. 10, 2011 Aug. 31, 2011 10 14 30 0
242 Joomla 1.5 1.5.26 March 27, 2012 Jan. 22, 2008 Sept. 30, 2012 11 19 35 1
243 Joomla 1.0 1.0.15 Feb. 21, 2008 Sept. 17, 2005 July 22, 2009 5 15 30 0
244 Joomla 13.1 13.1 0 0 0 0
245 Joomla 12.3 12.3 0 0 0 0
246 Joomla 12.1 12.1 0 0 0 0
247 Joomla 11.4 11.4 0 0 0 0
248 Joomla 11.3 11.3 0 0 0 0
249 Joomla 11.2 11.2 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
221 -
7.5 		HIGH plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary d… NVD-CWE-Other
CVE-2013-1453 cpe:2.3:a:joomla:joomla\!:3.0.2:*
cpe:2.3:a:joomla:joomla\!:3.0.1:*
cpe:2.3:a:joomla:joomla\!:3.0.0:*
cpe:2.3:… 		2024-11-21 10:49
2013-02-13 		Show GitHub Exploit DB Packet Storm
222 -
5.0 		MEDIUM Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-1599 cpe:2.3:a:joomla:joomla\!:1.5.9:*
cpe:2.3:a:joomla:joomla\!:1.5.8:*
cpe:2.3:a:joomla:joomla\!:1.5.7:*
cpe:2.3:… 		2024-11-21 10:37
2012-12-4 		Show GitHub Exploit DB Packet Storm
223 -
7.5 		HIGH Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-1598 cpe:2.3:a:joomla:joomla\!:1.5.9:*
cpe:2.3:a:joomla:joomla\!:1.5.8:*
cpe:2.3:a:joomla:joomla\!:1.5.7:*
cpe:2.3:… 		2024-11-21 10:37
2012-12-4 		Show GitHub Exploit DB Packet Storm
224 -
4.3 		MEDIUM Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." NVD-CWE-noinfo
CVE-2012-5827 cpe:2.3:a:joomla:joomla\!:2.5.7:*
cpe:2.3:a:joomla:joomla\!:2.5.6:*
cpe:2.3:a:joomla:joomla\!:2.5.5:*
cpe:2.3:… 		2024-11-21 10:45
2012-11-11 		Show GitHub Exploit DB Packet Storm
225 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web scrip… CWE-79
Cross-site Scripting 		CVE-2012-4532 cpe:2.3:a:joomla:joomla\!:2.5.6:*
cpe:2.3:a:joomla:joomla\!:2.5.5:*
cpe:2.3:a:joomla:joomla\!:2.5.4:*
cpe:2.3:… 		2024-11-21 10:43
2012-11-1 		Show GitHub Exploit DB Packet Storm
226 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting 		CVE-2012-4531 cpe:2.3:a:joomla:joomla\!:2.5.6:*
cpe:2.3:a:joomla:joomla\!:2.5.5:*
cpe:2.3:a:joomla:joomla\!:2.5.4:*
cpe:2.3:… 		2024-11-21 10:43
2012-11-1 		Show GitHub Exploit DB Packet Storm
227 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a … CWE-79
Cross-site Scripting 		CVE-2012-5455 cpe:2.3:a:joomla:joomla\!:3.0.0:* 2024-11-21 10:44
2012-10-23 		Show GitHub Exploit DB Packet Storm
228 -
5.0 		MEDIUM Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. CWE-20
 Improper Input Validation  		CVE-2011-4911 cpe:2.3:a:joomla:joomla\!:1.5.9:*
cpe:2.3:a:joomla:joomla\!:1.5.8:*
cpe:2.3:a:joomla:joomla\!:1.5.7:*
cpe:2.3:… 		1.5.11 2024-11-21 10:33
2012-10-8 		Show GitHub Exploit DB Packet Storm
229 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. CWE-79
Cross-site Scripting 		CVE-2011-4910 cpe:2.3:a:joomla:joomla\!:1.5.9:*
cpe:2.3:a:joomla:joomla\!:1.5.8:*
cpe:2.3:a:joomla:joomla\!:1.5.7:*
cpe:2.3:… 		1.5.11 2024-11-21 10:33
2012-10-8 		Show GitHub Exploit DB Packet Storm
230 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/vi… CWE-79
Cross-site Scripting 		CVE-2011-4909 cpe:2.3:a:joomla:joomla\!:1.5.9:*
cpe:2.3:a:joomla:joomla\!:1.5.8:*
cpe:2.3:a:joomla:joomla\!:1.5.7:*
cpe:2.3:… 		1.5.11 2024-11-21 10:33
2012-10-8 		Show GitHub Exploit DB Packet Storm