Inadequate checks in com_contact could allowed mail submission in disabled forms.
Joomla! CMS versions 1.6.2 - 3.9.10
Upgrade to version 3.9.11
The JSST at the Joomla! Security Centre.
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
Joomla! CMS versions 3.9.7 - 3.9.8
Upgrade to version 3.9.9
The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
Joomla! CMS versions 3.8.13 through 3.9.6
Upgrade to version 3.9.7
The subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors.
Joomla! CMS versions 3.6.0 through 3.9.6
The CSV export of com_actionslogs is vulnerable to CSV injection.
Joomla! CMS versions 3.9.0 through 3.9.6