Lucene search
K
JoomlaMost viewed

743 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/04/27 2:51 p.m.19 views

aiContactSafe 2.0.19

xss 160413 developer release statement for version 2.0.21 Authors:...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2012/01/07 12:0 a.m.19 views

[20120306] - Core - Information Disclosure

Inadequate permission checking allows unauthorised viewing of administrative back end information...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2011/09/09 12:0 a.m.19 views

[20111003] - Core - Information Disclosure

Weak encryption causes potential information disclosure...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2011/05/25 12:0 a.m.19 views

[20110602] - Information Disclosure

Inadequate filtering causes possible information disclosure...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2009/04/06 12:0 a.m.19 views

[20090602] - Core - ja_purity XSS

A XSS vulnerability exists in the JAPurity template which ships with Joomla! 1.5...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.18 views

[20260514] - Core - Privilege escalation through com_users webservice endpoints

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

9.8CVSS5.8AI score0.00292EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/11/14 12:0 a.m.18 views

[20260101] - Core - Inadequate content filtering for data URLs

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...

8.4CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/09/19 12:0 a.m.18 views

[20250102] - Core - XSS vector in the id attribute of menu lists

Lack of output escaping in the id attribute of menu lists...

7.5CVSS5.9AI score0.00404EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/30 12:0 a.m.18 views

Advanced custom fields, 2.7.7, SQL Injection

Version: Old 2.8.2 / New 2.8.3 Update details: Improved sanitization/escaping of custom field values in v2.8.3 Update URL: https://www.tassos.gr/releases/advanced-custom-fields/advanced-custom-fields-2-8-3?format=htmlChangelog...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/30 12:0 a.m.18 views

Solidres, 2.13.3, hub plugin XSS (Cross Site Scripting)

https://www.solidres.com/forum/report-bugs/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/11/09 12:0 a.m.18 views

JomSocial , 4.7.6, XSS (Cross Site Scripting)

JomSocial , 4.7.6, XSS Cross Site Scripting investigation...

1.7AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/05/26 12:0 a.m.18 views

xcloner,3.53,Other

xcloner,3.53,Other Developer statement Today we have made available a new release — version 3.5.4 — for the unmaintained Joomla version of XCloner. Prior versions of XCloner for Joomla contained an Authenticated Local File Disclosure vulnerability that has been patched in the latest version. Any...

3.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/04/03 12:0 a.m.18 views

fabrik 3.9,Various

,fabrik 3.9. Various Issues NOTE: the earlier version number was a mistake by the reporter. new version number 3.9.1 Update Notice URL https://fabrikar.com/blog/87-fabrik-3-9-1-released...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/05/19 7:21 a.m.18 views

eXtplorer 2.1.12 various

eXtplorer 2.1.12 various Update Notice URL https://extplorer.net/news/24...

0.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/02/23 12:0 a.m.18 views

Edocman,1.1.17,SQL Injection

Edocman,1.1.17,SQL Injection Extension Update Details Fix security issue on Joomla SQL injection from previous Edocman version. new version number 1.11.8 UpdateNotice URL...

8.4AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/11/24 11:52 a.m.18 views

music collection, 3.0.3 ,SQL Injection

music collection, 3.0.3 ,SQL Injection Developer statement: currently at version 3.0.6, this was already fixed in 3.0.4...

4.4AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/01/15 12:0 a.m.18 views

En Masse, all versions, SQL Injection

En Masse by Matamko.com, all known versions, SQL Injection...

4.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/12/15 3:31 p.m.18 views

JEXTN Video Gallery 3.0.5 - SQL Injection, 3.0.5 ,SQL Injection

JEXTN Video Gallery 3.0.5 - SQL Injection, 3.0.5 ,SQL Injection...

3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/10/24 12:0 a.m.18 views

JS Jobs,1.1.8, RCE

JS Jobs, 1.1.8, Remote code execution - includes free and pro versions resolution: update to 1.1.9 update notice: http://www.joomsky.com/products/js-jobs.html...

2.7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/16 12:0 a.m.18 views

AppointmentBookingPro,4.0.1,SQL Injection

AppointmentBookingPro, 4.0.1, SQL Injection Resolution: update to 4.0.2 RC2 Update notice: https://appointmentbookingpro.com/support2/an2/17169-joomla-vel.html...

0.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/05 12:0 a.m.19 views

Abstract manager, 2.1

Abstract manager by joomla6teen.com, 2.1, SQL Injection...

2.4AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/05 12:0 a.m.18 views

community quiz,4.4.1,SQL Injection

community quiz by corejoomla.com, 4.4.1, SQL Injection Resolution: update to 4.4.2 Update Notice: https://www.corejoomla.com/news/1164-community-quiz-v4-4-2-is-released.html...

1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/02/02 11:21 a.m.18 views

hwdVideoShare,N/A

hwdVideoShare,N/A,SQL Injection Dev Statement The hwdVideoShare comhwdvideoshare extension was retired 3 years ago, and we deleted it from the Joomla Extensions Directory. It was replaced by a completely new extension called HWDMediaShare...

7.5AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/02/02 12:0 a.m.18 views

Community Builder versions 2.1 and previous

Community Builder Versions 2.1.0 and previous contain versions of 3rd party libraries with known vulnerabilities: PHPMailer and Guzzle Release 2.1.1 updates to version 5.2.22 of PHP Mailer provides custom fix for Guzzle library Developer states that this is precautionary only, and that these...

7.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/10/24 12:0 a.m.18 views

HDW Player, 3.2.1 and older

HDW Player, 3.2.1 and older including 3.1 and 3.0 Remote code execution Please see https://vel.joomla.org/vel-blog/2033-hdw-player-4-0-0-rce for further information...

7.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/12/25 10:20 a.m.18 views

Events Booking, versions before 2.1.1

Joomdonation extensions, Information Disclosure Events Booking versions before 2.1.1 Resolution: update to 2.1.1 Update notice URL: http://joomdonation.com/forum/events-booking-general-discussion/50511-events-booking-version-2-1-1-released.html...

6.8AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/09/02 12:0 a.m.18 views

Joomla GoogleSearch (CSE), 3.0.2 and below, any Joomla

Joomla GoogleSearch CSE, 3.0.2 and below, any Joomla, XSS Cross Site Scripting Resolution: update to version 3.0.4 Update Notice: http://www.kksou.com/php-gtk2/joomla-news/important-notice-googlesearch-cse-component.php...

0.7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/06/21 12:0 a.m.18 views

Responsive Portfolio Wall [mod_repowa], 1.0 and below, XSS (Cross Site Scripting)

Responsive Portfolio Wall modrepowa, 1.0, XSS Cross Site Scripting Extension includes vulnerable version of JS library prettyPhoto Vulnerability fixed in version 1.1 Update notice: http://www.joomlabusiness.net/module/responsive-portfolio-wall...

6.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/04/12 11:58 p.m.18 views

Joomla Simple Photo Gallery version 1.1

Apptha Joomla Simple Photo Gallery ,comsimplephotogallery version 1.1 and previous, Other...

3.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/04/12 7:39 p.m.18 views

AllVideos version 4.6.1 and previous

AllVideos by Joomlaworks version 4.6.1 and previous XSS Cross Site Scripting Resolution: update to version 4.7.0 Update notice url: http://www.joomlaworks.net/forum/product-updates/41200-april-20th,-2015-allvideos-v4-7-0...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/04/07 12:0 a.m.18 views

spider random articles 1.5.0 and previous

spider random articles, all versions prior to 1.5.1 SQL Injection Version 1.5.1 is a "Security Release" and those who use Random Article version under 1.5.1 should upgrade immediately to the latest version!...

4.3AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/02/13 5:21 p.m.18 views

Gallery WD version 1.2.3 and previous

Gallery WD version 1.2.3 and previous XSS Cross Site Scripting Resolution: Update to version 1.2.5 Update notice URL: http://web-dorado.com/products/joomla-gallery.html...

0.8AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2015/01/16 2:31 a.m.18 views

corephp paGo, LFI 1.0.7 and below

Corephp paGo, , DT, LFI Developer update statement http://www.corephp.com/blog/corephp-announces-immediate-availability-pago-commerce-1-07-1/...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/11/12 12:47 p.m.18 views

MijoShop, 2.4.x - 2.5.x,

MijoShop, 2.4.x - 2.5.x, SQL Injection Extension Update Details 2.5.2 UpdateNoticeURL http://miwisoft.com/blog/mijoshop-252-security-update-released...

7.8AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/06/08 12:0 a.m.18 views

K2 Content Extension, 2.6.8,

K2 Content Extension, 2.6.8, XSS Cross Site Scripting resolution update to version 2.6.9...

2.3AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/02/08 9:53 p.m.18 views

ODude Profile

ODude Profile Directory Traversal vulnerability - 777 developer statement ODude Profile | 3.2 | http://www.odude.com/main/profile/profile-changelog.html ---|---|---...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2014/02/02 2:24 p.m.18 views

JomSocial component pre 3.1.0.1

JomSocial component 3.1.0.1 RFI The new version number is 3.1.0.4 http://www.jomsocial.com/blog/hot-fix-3-1-0-4...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/02/20 8:37 p.m.18 views

worldrates

http://dev.pucit.edu.pk/120410 Authors:...

7.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2010/02/21 12:0 a.m.18 views

[20100423] - Core - Negative Values for Limit and Offset

If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2008/08/29 12:0 a.m.18 views

[20080903] - Core - com_mailto Spam

The mailto component does not verify validity of the URL prior to sending...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2008/08/26 12:0 a.m.18 views

[20080904] - Core - Redirect Spam

Several components utilize a passed in URL to redirect to after processing. These URLs are not validated prior to the redirect. A crafted URL can cause the system to redirect to a spam or phishing site...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/20 12:0 a.m.17 views

[20260518] - Core - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

9.8CVSS5.8AI score0.0019EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/02/20 12:0 a.m.17 views

[20240701] - Core - XSS in accessible media selection field

Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field...

6.1CVSS5.8AI score0.00442EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/25 12:0 a.m.17 views

bagallery , , Other

Developer statement Old 1.1 / New 1.2 Update details: We have thoroughly tested all the code in our component to ensure it is free of any security issues. Update URL: https://bestaddon.com/product/ba-gallery/Changelog...

7.3AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/12 12:0 a.m.17 views

quickform, , Other

Developer states exploit is "hack yourself" scenario...

6.9AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/04/22 12:0 a.m.17 views

kunena, ,XSS (Cross Site Scripting)

kunena,5.1.3,XSS Cross Site Scripting...

1.6AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/03/27 12:0 a.m.17 views

[20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor

In Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has to be determined and...

1.6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/03/03 12:0 a.m.17 views

Kunena,5.1.9,XSS (Cross Site Scripting)

Kunena,5.1.9,XSS Cross Site Scripting https://www.kunena.org/blog/203-kunena-5-1-10-released...

7.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/01/20 4:18 p.m.17 views

JoomCRM 1.1.1

new version number 1.1.2 https://www.joomboost.com/blog-updates/joomcrm-version-1-1-2-security-announcement.html...

0.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/10/15 12:0 a.m.17 views

CW Article Attachments (Free Version), SQL Injection

CW Article Attachments Free Version from cwjoomla.com, versions 1.0.6 and previous, SQL Injection resolution: update to 1.0.7 update notice: http://www.cwjoomla.com/download-cw-article-attachments...

2.1AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities743