Software Detail

Software Informaton Top

CMS

Software Detail

Joomla

Number Of NVD

273

CRITICAL

HIGH

MEDIUM

169

LOW

URL	https://www.joomla.org/
Explanation	Joomla is an open source Content Management System (CMS). Each major version is supported for at least four years. Basically, it is recommended to use the latest version.
Tag	オープンソース GPL v2 PHP

Add Information URL

No	Type	Name	URL
1			https://downloads.joomla.org/
2			https://www.joomla.org/announcements/release-news/
3			https://docs.joomla.org/Joomla!_CMS_versions
4			http://feeds.joomla.org/JoomlaSecurityNews
5			http://www.joomla.jp/
6			https://developer.joomla.org/roadmap.html
7			https://docs.joomla.org/Release_and_support_cycle
8			https://github.com/joomla

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
21	Joomla 5.1	5.1.4	Aug. 27, 2024	April 16, 2024		5	7	11	0
22	Joomla 5.0	5.0.3	July 9, 2024	Oct. 17, 2023	April 16, 2024	5	8	11	0
23	Joomla 4.4	4.4.13	April 8, 2025	Oct. 17, 2023	Oct. 17, 2025	5	8	11	0
24	Joomla 4.3	4.3.4	Aug. 22, 2023	April 18, 2023	Oct. 17, 2023	5	9	12	0
25	Joomla 4.2	4.4.6	July 9, 2024	Aug. 16, 2022	April 18, 2023	5	9	19	0
26	Joomla 4.1	4.1.5	June 21, 2022	Feb. 15, 2022	Aug. 16, 2022	8	9	21	0
27	Joomla 4.0	4.0.6	Jan. 18, 2022	Aug. 17, 2021	Feb. 15, 2022	9	9	21	0
28	Joomla 3.10	3.10.11	Aug. 16, 2022	Aug. 17, 2021	Aug. 17, 2023	6	6	12	0
29	Joomla 3.9	3.9.28	July 6, 2021	Oct. 30, 2018	Aug. 17, 2023	15	25	67	0
30	Joomla 3.8	3.8.13	Oct. 9, 2018	Sept. 19, 2017	Oct. 30, 2018	17	32	75	0
31	Joomla 3.7	3.7.5	Aug. 17, 2017	April 25, 2017	Sept. 19, 2017	19	33	74	1
32	Joomla 3.6	3.6.5	Dec. 13, 2016	July 12, 2016	April 25, 2017	23	34	78	0
33	Joomla 3.5	3.5.1	April 5, 2016	March 21, 2016	July 12, 2016	23	34	76	0
34	Joomla 3.4	3.4.8	Dec. 24, 2015	Feb. 24, 2015	March 21, 2016	23	40	82	0
35	Joomla 3.3	3.3.4	Sept. 23, 2014	April 20, 2014	Feb. 24, 2015	22	41	82	0
36	Joomla 3.2	3.2.1	Dec. 18, 2014	Nov. 6, 2013	Oct. 31, 2014	22	43	84	0
37	Joomla 3.1	3.1.6	Nov. 6, 2013	April 24, 2013	Dec. 31, 2013	18	34	75	0
38	Joomla 3.0	3.0.3	Feb. 4, 2013	Sept. 27, 2012	May 31, 2013	18	34	80	0
39	Joomla 2.5	2.5.28	Dec. 10, 2014	Jan. 24, 2012	Dec. 31, 2014	13	30	58	0
40	Joomla 1.7	1.7.5	Feb. 2, 2012	July 19, 2011	Feb. 29, 2012	10	17	29	0
41	Joomla 1.6	1.6.6	July 26, 2011	Jan. 10, 2011	Aug. 31, 2011	10	14	30	0
42	Joomla 1.5	1.5.26	March 27, 2012	Jan. 22, 2008	Sept. 30, 2012	11	19	35	1
43	Joomla 1.0	1.0.15	Feb. 21, 2008	Sept. 17, 2005	July 22, 2009	5	15	30	0
44	Joomla 13.1	13.1				0	0	0	0
45	Joomla 12.3	12.3				0	0	0	0
46	Joomla 12.1	12.1				0	0	0	0
47	Joomla 11.4	11.4				0	0	0	0
48	Joomla 11.3	11.3				0	0	0	0
49	Joomla 11.2	11.2				0	0	0	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
21	6.1 -	MEDIUM Network	The wrapper extensions do not correctly validate inputs, leading to XSS vectors.	CWE-79 Cross-site Scripting	CVE-2024-26279	cpe:2.3:a:joomla:joomla\!::	3.0.0 4.0.0 5.0.0		3.10.16 4.4.6 5.1.2	2024-11-21 18:02 2024-07-10	Show	GitHub Exploit DB Packet Storm

22	6.1 -	MEDIUM Network	The Custom Fields component not correctly filter inputs, leading to a XSS vector.	CWE-79 Cross-site Scripting	CVE-2024-26278	cpe:2.3:a:joomla:joomla\!::	4.0.0 5.0.0 3.7.0		4.4.6 5.1.2 3.10.16	2024-11-21 18:02 2024-07-10	Show	GitHub Exploit DB Packet Storm

23	6.1 -	MEDIUM Network	Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.	CWE-79 Cross-site Scripting	CVE-2024-21731	cpe:2.3:a:joomla:joomla\!::	5.0.0 4.0.0 3.0.0	5.1.1 4.4.5 3.10.15		2024-11-21 17:54 2024-07-10	Show	GitHub Exploit DB Packet Storm

24	5.4 -	MEDIUM Network	The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.	CWE-79 Cross-site Scripting	CVE-2024-21730	cpe:2.3:a:joomla:joomla\!::	4.0.0 5.0.0		4.4.6 5.1.2	2024-11-21 17:54 2024-07-10	Show	GitHub Exploit DB Packet Storm

25	7.5 -	HIGH Network	The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.	NVD-CWE-noinfo	CVE-2023-40626	cpe:2.3:a:joomla:joomla\!:5.0.0:* cpe:2.3:a:joomla:joomla\!::	4.0.0 1.6.0		4.4.1 3.10.14	2024-11-21 17:19 2023-11-29	Show	GitHub Exploit DB Packet Storm

26	7.5 -	HIGH Network	An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2023-23755	cpe:2.3:a:joomla:joomla\!::	4.2.0		4.3.2	2024-11-21 16:46 2023-05-31	Show	GitHub Exploit DB Packet Storm

27	6.1 -	MEDIUM Network	An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.	CWE-20 CWE-601 Improper Input Validation Open Redirect	CVE-2023-23754	cpe:2.3:a:joomla:joomla\!::	4.2.0		4.3.2	2024-11-21 16:46 2023-05-31	Show	GitHub Exploit DB Packet Storm

28	5.3 -	MEDIUM Network	An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.	NVD-CWE-Other	CVE-2023-23752	cpe:2.3:a:joomla:joomla\!::	4.0.0		4.2.8	2024-11-21 16:46 2023-02-17	Show	GitHub Exploit DB Packet Storm

29	4.3 -	MEDIUM Network	An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.	CWE-863 Incorrect Authorization	CVE-2023-23751	cpe:2.3:a:joomla:joomla\!::	4.0.0	4.2.4		2024-11-21 16:46 2023-02-2	Show	GitHub Exploit DB Packet Storm

30	6.3 -	MEDIUM Network	An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.	CWE-352 Origin Validation Error	CVE-2023-23750	cpe:2.3:a:joomla:joomla\!::	4.0.0	4.2.6		2024-11-21 16:46 2023-02-2	Show	GitHub Exploit DB Packet Storm