Lucene search
K
JoomlaMost viewed

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/01/20 12:0 a.m.21 views

J2Store 2.5 to 2.8.3, SQL Injection

J2Store 2.5 to 2.8.3 SQL Injection Update to 2.8.4 UpdateNoticeURL http://j2store.org/blog/213-security-update-january-2015.html...

0.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/12/02 1:47 a.m.21 views

edocuman, 1.6.0, Other

edocuman, 1.6.0, Other Developer update notice http://joomdonation.com/forum/edocman/45095-low-security-edocman-1-6-1-released.html53433...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/11/15 1:27 p.m.21 views

Admin Exile 2.3.5 sqli

Admin Exile version 2.3.5 SQL injection Developer Update Version 2.3.6 resolves an unpublished/theoretical SQL injection vulnerability. http://www.richeyweb.com/development/joomla-plugins/71-adminexile-for-joomla-16...

8.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/08/29 7:27 a.m.21 views

joomla spider video, 2.8.3, sqli

joomla spider video, 2.8.3, SQL Injection UpdateNoticeURL http://web-dorado.com/products/joomla-player.html...

1.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/03/03 12:0 a.m.21 views

ActiveHelper LiveHelp, 3.2.0, sqli

ActiveHelper LiveHelp, 3.2.0, SQL Injection We already updated the LiveHelp Server to the version 3.3.0 that include a security patch that fixes the reported issue. We also include a few improvements on other units. Update Notice URL...

2.5AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/02/26 2:55 p.m.21 views

JJ Shoutbox, 1.2.6,

JJ Shoutbox, 1.2.6, Other Developer statement This security issue was for version 1.2.6 of JJ Shoutbox. We fixed this issue last night and released version 1.3.0 http://joomjunk.co.uk/products/module-home/shoutbox.htmlchangelog...

7.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/02/08 11:0 p.m.21 views

ODude Ecard - DT

ODude Ecard - DT - 777 developer statement - ODude Ecard Version 2.1 http://www.odude.com/main/odude-ecard/ecard-log.html...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/01/25 1:30 a.m.21 views

iRecommend, >= 3.0,

iRecommend, = 3.0, Other XSS & FPD developer states inaccurate report...

1.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/10/17 6:8 p.m.21 views

jomsocial below 3.0.5.1

jomsocial , 3.0.5.1, SQL Injection Resolved prior to notification...

2.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/09/25 11:29 p.m.21 views

Mijo Analytics, Joomla 2.5.x,

Mijo Analytics, Joomla 2.5.x, SQL Injection...

2.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/08/19 8:51 p.m.21 views

joomsport pro and std

joomsport, pro 3.1.1 and std 2.0 , Directory Traversal developers release statement Security notes put in product description and put release notes on our site for both products http://joomsport.com/downloads/components.html?lang=en - Here is the link for standard updated release...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2012/07/02 12:0 a.m.21 views

[20120902] - Core - XSS Vulnerability

Inadequate escaping of output leads to XSS vulnerability in language switcher module...

6.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2012/01/29 12:0 a.m.21 views

[20120203] - Core - Information Disclosure

Inadequate validation leads to path disclosure in administrator...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2011/09/09 12:0 a.m.21 views

[20111001] - Core - Information Disclosure

Weak encryption causes potential information disclosure...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2008/08/23 12:0 a.m.21 views

[20080902] - Core - Random Number Generation Flaw

A flaw with the random number generation exists which vastly reduces the entropy of system used random functions. This impacts system generated tokens and passwords. The fix increases entropy, and greatly reduces the chance of a generated token being guessed...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/23 12:0 a.m.20 views

[20260515] - Core - Incorrect Access Control in sample data plugins

An improper access check allow unauthorized users to perform actions related to the installation of sampledata...

9.8CVSS5.8AI score0.00234EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/02/25 12:0 a.m.20 views

[20250301] - Core - Malicious file uploads via Media Manager

Inadequate checks in the Media Manager allowed users with "edit" privileges to create executable PHP files...

7.1CVSS5.9AI score0.00453EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/09 12:0 a.m.20 views

[20240705] - Core - XSS in com_fields default field value

The Custom Fields component not correctly filter inputs, leading to a XSS vector...

6.1CVSS5.8AI score0.00447EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/03/20 12:0 a.m.20 views

[20240801] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...

6.1CVSS5.8AI score0.00239EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/11/09 12:0 a.m.20 views

JomSocial , 4.7.6, XSS (Cross Site Scripting)

JomSocial , 4.7.6, XSS Cross Site Scripting investigation...

1.7AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/05/26 12:0 a.m.20 views

xcloner,3.53,Other

xcloner,3.53,Other Developer statement Today we have made available a new release — version 3.5.4 — for the unmaintained Joomla version of XCloner. Prior versions of XCloner for Joomla contained an Authenticated Local File Disclosure vulnerability that has been patched in the latest version. Any...

3.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/03/25 6:43 p.m.20 views

AcyMailing 5.10.6 Various

AcyMailing 5.10.6 Various new version number 5.10.7 UpdateNotice URL https://www.acyba.com/support/change-log.html Changelog Url https://www.acyba.com/support/change-log.html...

1.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/02/25 12:0 a.m.20 views

[20190303] - Core - XSS in media form field

The media form field lacks escaping, leading to a XSS vulnerability...

6.1CVSS2.7AI score0.00754EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/01/15 12:0 a.m.20 views

En Masse, all versions, SQL Injection

En Masse by Matamko.com, all known versions, SQL Injection...

4.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/01/01 6:23 p.m.20 views

JB Visa,1.0,SQL Injection

JB Visa by Joombooking.com, 1.0, SQL Injection...

2.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/08/21 12:0 a.m.20 views

Zap Calendar, 4.3.6 and previous, SQL Injection

Zap Calendar, 4.3.6, SQL Injection resolution: update to 4.3.7 update notice url: https://zcontent.net/support/zapcalendar/265-change-log-for-zap-calendar...

1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/05/11 12:0 a.m.20 views

Extra Search by Joomlaboat,2.2.8 and previous,SQL Injection

Extra Search by Joomlaboat, 2.2.8 and previous, SQL Injection...

2.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/06 11:36 a.m.20 views

JO Facebook gallery,4.5,SQL Injection

JO Facebook gallery by Joomcore.com, 4.5,SQL Injection resolution: update to 4.6 Update Notice URL http://joomcore.com/news-updates/item/109-update-jo-facebook-gallery-to-version-4-6-fixed-problem-sql-injection-in-version-4-5...

0.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/12/06 6:27 p.m.20 views

AVChat Video Chat Integration Kit, File permissions

AVChat Video Chat Integration Kit, File permissions...

2.4AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/04/28 12:0 a.m.20 views

Komento 2.0.6, xss

We just released Komento 2.0.7 to address a security issue where a remote attacker may be able to launch an xss attack in prior versions of Komento. update notice: https://stackideas.com/blog/important-komento-2-0-7-security-fix...

2.4AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/04/07 12:0 a.m.20 views

User Group FTW For Hikashop,1.1.5,Other

User Group FTW For Hikashop, 1.1.5, Other...

0.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/07/23 12:0 a.m.20 views

J2Store by Weblogicx India, 3.1.6 and below, SQL Injections

J2Store by Weblogicx India, 3.1.6 and below, SQL Injections Update: vulnerabilites fixed in version 3.1.7 Announcement: http://j2store.org/j2store-v3.html...

3.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/06/20 4:25 p.m.20 views

UMI 3D Tag Cloud [mod_umi3dtagcloud], 1.3.4 and below, XSS (Cross Site Scripting)

UMI 3D Tag Cloud modumi3dtagcloud, 1.3.4 and below, XSS Cross Site Scripting...

1.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/06/20 2:13 p.m.20 views

Escope PrettyPhoto [mod_escope_pp], 1.0.3, XSS (Cross Site Scripting) - abandonware!

Escope PrettyPhoto modescopepp, 1.0.3 and below, XSS Cross Site Scripting...

1.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/06/20 1:30 p.m.20 views

StarLite Pretty Photo [plg_system_slprettyphoto],1.2, XSS (Cross Site Scripting)

StarLite Pretty Photo plgsystemslprettyphoto, 1.2 and below, XSS Cross Site Scripting...

1.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/04/12 11:58 p.m.20 views

Joomla Simple Photo Gallery version 1.1

Apptha Joomla Simple Photo Gallery ,comsimplephotogallery version 1.1 and previous, Other...

3.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/09/24 3:58 p.m.20 views

Hika Shop

HikaShop 2.3.2 and below also Hika Market 1.4.3 and below Remote code execution Note that developer did not inform the VEL Notice of resolution: http://www.hikashop.com/index.php?option=comcontent=article=269...

7.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/08/05 10:43 a.m.20 views

Watchful Client (watchful.li extension), 1.9.0 and lower

Extension was not preventing execution of files outside of the framework, and therefore enabling potential unwanted information disclosure and other attacks using weak hash key implementation. Update to version 1.9.1 : https://watchful.li/news/watchful-1-9-1-released.html...

3.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/06/02 12:14 p.m.20 views

JW player, 5.10.22 xss

JW player, 5.10.2295, XSS Cross Site Scripting Update notice url:http://www.joomlaworks.net/forum/extension-updates/14896-june-3rd,-2014-allvideos-v4-6-0...

0.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/03/08 11:24 a.m.20 views

plg_highlight_button, 1.5 and previious sqli

plghighlightbutton, 1.5 and previious versions, SQL Injection Update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html...

7.8AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/11/04 6:30 p.m.20 views

Spider contacts, 1.3.3,

Spider contacts, 1.3.3, SQL Injection Extension Update Details We have fixed the vulnerability on Spider Contacts. We have changed the version to 1.3.4 on JED and also added corresponding text to the description. UpdateNoticeURL http://web-dorado.com/products/joomla-contacts.html...

1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2012/01/07 12:0 a.m.20 views

[20120306] - Core - Information Disclosure

Inadequate permission checking allows unauthorised viewing of administrative back end information...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2011/09/09 12:0 a.m.20 views

[20111003] - Core - Information Disclosure

Weak encryption causes potential information disclosure...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2011/05/25 12:0 a.m.20 views

[20110602] - Information Disclosure

Inadequate filtering causes possible information disclosure...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2009/04/06 12:0 a.m.20 views

[20090602] - Core - ja_purity XSS

A XSS vulnerability exists in the JAPurity template which ships with Joomla! 1.5...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.19 views

[20260514] - Core - Privilege escalation through com_users webservice endpoints

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

9.8CVSS5.8AI score0.00292EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/30 12:0 a.m.19 views

Advanced custom fields, 2.7.7, SQL Injection

Version: Old 2.8.2 / New 2.8.3 Update details: Improved sanitization/escaping of custom field values in v2.8.3 Update URL: https://www.tassos.gr/releases/advanced-custom-fields/advanced-custom-fields-2-8-3?format=htmlChangelog...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/30 12:0 a.m.19 views

Solidres, 2.13.3, hub plugin XSS (Cross Site Scripting)

https://www.solidres.com/forum/report-bugs/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/12 12:0 a.m.19 views

quickform, , Other

Developer states exploit is "hack yourself" scenario...

6.9AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/04/03 12:0 a.m.19 views

fabrik 3.9,Various

,fabrik 3.9. Various Issues NOTE: the earlier version number was a mistake by the reporter. new version number 3.9.1 Update Notice URL https://fabrikar.com/blog/87-fabrik-3-9-1-released...

7.1AI score
Exploits0
Total number of security vulnerabilities747