Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
Joomla! CMS versions 3.9.0 - 3.9.14
Upgrade to version 3.9.15
The JSST at the Joomla! Security Centre.
A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
Joomla! CMS versions 3.0.0 - 3.9.14
Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
Joomla! CMS versions 2.5.0 - 3.9.13
Upgrade to version 3.9.14
Missing access check in framework files could lead to a path disclosure.
Joomla! CMS versions 3.8.0 - 3.9.13