Lucene search
K

27 matches found

NVD
NVD
added 2026/07/07 7:16 p.m.6 views

CVE-2026-48952

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:33 p.m.6 views

CVE-2026-48952

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/07 5:33 p.m.37 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS0.00147EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-12861

Malware in sbrugna...

7.5CVSS7.4AI score0.01209EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-4762

Malware in sbrugna...

6.6CVSS6.4AI score0.05188EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2022/08/04 12:0 a.m.7 views

The vulnerability of the /ossn/administrator/com_installer component of open-source social network software allows a hacker to execute arbitrary code.

The vulnerability of the Open Source Social Network software component /ossn/administrator/cominstaller lies in the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using a specially created PHP file...

9CVSS7.6AI score0.01574EPSS
Exploits1References3
NVD
NVD
added 2021/07/07 11:15 a.m.15 views

CVE-2021-26038

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in cominstaller lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for cominstaller is limited to super users already...

7.5CVSS0.01209EPSS
Exploits0References1
OSV
OSV
added 2021/07/07 11:15 a.m.18 views

CVE-2021-26038

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in cominstaller lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for cominstaller is limited to super users already...

7.5CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2021/07/07 11:15 a.m.22 views

Hardcoded credentials

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in cominstaller lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for cominstaller is limited to super users already...

4.3CVSS7.4AI score0.01209EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/07 10:12 a.m.15 views

CVE-2021-26038 [20210704] - Core - Privilege escalation through com_installer

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in cominstaller lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for cominstaller is limited to super users already...

7.7AI score0.01209EPSS
Exploits0References1
CVE
CVE
added 2021/07/07 10:12 a.m.182 views

CVE-2021-26038

Joomla! 2.5.0 through 3.9.27 is affected by CVE-2021-26038 due to an install action in com_installer lacking hardcoded ACL checks for superusers, enabling privilege escalation. The default ACL for com_installer is limited to super users, so the default system is not affected. A patch is available...

7.5CVSS7.4AI score0.01209EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2021/07/07 12:0 a.m.17 views

Code problem vulnerability of Joomla!

Joomla! is a set of forum components used in the Joomla! content management system. A code issue vulnerability exists in Joomla! 2.5.0 - 3.9.27. The vulnerability stems from a hard-coded ACL check for superuser missing from the install operation in cominstaller, which can be exploited to execute...

7.5CVSS2.9AI score0.01209EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/07/07 12:0 a.m.67 views

Joomla 2.5.x < 3.9.28 Multiple Vulnerabilities (5840-joomla-3-9-28)

According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.28. It is, therefore, affected by multiple vulnerabilities. - Inadequate escaping in the Rules field of the JForm API leads to a XSS vulnerability. CVE-2021-26035 - Missing...

7.5CVSS6.1AI score0.01439EPSS
Exploits0References11
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/06/06 12:0 a.m.54 views

[20210704] - Core - Privilege escalation through com_installer

Install action in cominstaller lack the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system is not affected cause by default cominstaller is limited to super users already...

7.5CVSS3.9AI score0.01209EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/07/15 4:15 p.m.24 views

CVE-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...

6.8CVSS0.00594EPSS
Exploits0References1
OSV
OSV
added 2020/07/15 4:15 p.m.14 views

CVE-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...

6.3CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2020/07/15 4:15 p.m.18 views

Cross site request forgery (csrf)

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...

6.8CVSS6.3AI score0.00594EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/15 3:52 p.m.54 views

CVE-2020-15700

CVE-2020-15700 affects Joomla! up to 3.9.19: the ajax_install endpoint in com_installer lacks a token check, causing a CSRF vulnerability. Affected: Joomla! through 3.9.19. Impact: CSRF (network vector; user interaction required; confidentiality/integrity/availability LOW). Mitigation: upgrade to...

6.8CVSS6.3AI score0.00594EPSS
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/05/07 12:0 a.m.24 views

[20200701] - Core - CSRF in com_installer ajax_install endpoint

A missing token check in the ajaxinstall endpoint cominstaller causes a CSRF vulnerability...

6.9AI score
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2018/10/10 12:0 a.m.32 views

Joomla! < 3.8.13 Multiple Vulnerabilities

Joomla! is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla"; ifdescription...

8.8CVSS6.4AI score0.01348EPSS
Exploits0References2
Rows per page
Query Builder