5 matches found
Joomla! 3.0.x < 3.9.12 Cross-Site Scripting
According to its self-reported version number, the detected Joomla! application is affected by a cross-site scripting vulnerability in versions 3.0.0 to 3.9.11 due to inadequate escaping in the logo parameter of the default templates. Note that the scanner has not tested for these issues but has...
Design/Logic Flaw
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...
CVE-2013-3267
Cross-site scripting XSS vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-3267
CVE-2013-3267 is an XSS vulnerability in the Joomla! Highlighter plugin affecting Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4. The issue is triggered by improper validation of user-supplied input, allowing remote attackers to inject arbitrary script/HTML via unspecified vectors. Impact det...
CVE-2013-3059
Cross-site scripting XSS vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...