Lucene search
K
JoomlaMost viewed

743 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/05/31 3:58 p.m.•15 views

flashChart Content Plugin,

flashChart Content Plugin, 1.2.1, XSS Cross Site Scripting Extension Update Details updatet/fixed XSS vulnerability in open-flashchart-swf for external call "get-data" UpdateNoticeURL http://www.jschmidt-systemberatung.de/index.php?lang=en=227...

6.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2012/04/29 12:0 a.m.•15 views

[20120601] - Core - Privilege Escalation

Inadequate checking leads to possible user privilege escalation...

7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/12/19 12:0 a.m.•15 views

[20120103] - Core - Information Disclosure

Inadequate filtering leads to information disclosure...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/05/04 12:0 a.m.•14 views

[20260520] - Framework - Inadequate content filtering within the cleanAttributes filter code

Lack of input filtering leads to an XSS vector in the HTML filter code...

6.9CVSS5.8AI score0.00144EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/01 12:0 a.m.•14 views

[20260512] - Core - MFA Authentication Bypass

Incorrectly resetted session states to a vector that allows to bypass 2FA checks...

8.2CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/07/23 9:41 p.m.•14 views

rsfiles!

Extension: RSFiles! Version: Old 1.17.7 / New 1.17.8 Update details: Versions affected 1.16.3 through 1.17.7. Allows unauthenticated remote attackers to deny access to service via search component. Fixed in 1.17.8 Update URL:...

7.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/09/18 12:0 a.m.•14 views

LazyDbBackup, 3.9.0, Other

LazyDbBackup Version: 4.0.8...

6.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/13 1:34 p.m.•14 views

Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure

Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure Update via developers website...

3.7AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/11/16 9:15 p.m.•14 views

Jimtawl 2.2.7 - 'id' SQL Injection

Jimtawl 2.2.7 - 'id' SQL Injection Developer statement update to 2.2.8 http://janguo.de/lang-de/joomla-25-higher/joomla-25-jimtawl-2-1.html...

8.4AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/10/14 12:0 a.m.•14 views

kunena,5.1.4,Other

kunena,5.1.4,Other statement post: https://www.kunena.org/blog/198-kunena-5-1-5-released...

7.2AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/10/20 12:0 a.m.•14 views

Google Maps by Reumer, 3.5, Malicious update

Google Maps by Reumer, from mapsplugin.com, version 3.5, malicious update Version 3.3 of this plugin is listed in the JED and appears to be clean. However once installed, the Joomla update manager prompts you to update this extension to a version 3.5 which is not officially published. This versio...

2.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/29 12:0 a.m.•14 views

Price Alert for Virtuemart,3.0.4,SQL Injection

Price Alert for Virtuemart by WebOrange, 3.0.4 and all previous, SQL Injection...

3.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/27 6:23 p.m.•14 views

Keen IT Photo Contest, 1.0.2, SQL Injection

Keen IT Photo Contest, 1.0.2, SQL Injection...

2.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/04 12:0 a.m.•14 views

Akeeba Backup, 5.5.1, various issues

Akeeba Backup, versions 5.5.1 and previous, various issues see developer's site for details Resolution: update to 5.5.2 Update notice: https://www.akeebabackup.com/component/ars/?view=Itemsid=2732...

7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/01 12:0 a.m.•14 views

Event Registration Pro,4.1.3,SQL Injection

Event Registration Pro, 4.1.3 and previous, SQL Injection Resolution: update to version 4.1.4 Update notice: https://www.joomlashowroom.com/blog/event-registration-pro-4-1-4-security-release...

2.7AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/24 10:51 p.m.•14 views

JoomRecipe,1.0.3,SQL Injection

JoomRecipe ,1.0.3,SQL Injection UpdateNotice URL https://www.joomboost.com/blog-updates/entry/joomrecipe-version-1-0-4-security-announcement.html changelog Changelog Url https://www.joomboost.com/components-changelogs/60-joomrecipe-changelog.html...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/15 10:48 a.m.•14 views

J-CruiseReservation,3.0,SQL Injection

J-CruiseReservation by CMS Junkie, 3.0, SQL Injection...

2.3AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/09 12:0 a.m.•14 views

Vehicle Manager,3.9.4,SQL Injection

Vehicle Manager by Ordasoft,3.9.4, SQL Injection Resolution: update to 3.9.5 Update Notice URL http://ordasoft.com/News/News/vehicle-manager-security-update.html...

0.7AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/08 12:0 a.m.•14 views

MediaLibrary,3.5.4, SQL Injection

MediaLibrary by Ordasoft, 3.5.4, SQL Injection Resolution: update to 3.5.5 Update notice: http://ordasoft.com/News/News/media-library-security-update.html...

1.3AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/04/24 12:0 a.m.•14 views

gmapfp,3.39f,XSS (Cross Site Scripting)

gmapfp,3.39f and previos,XSS Cross Site Scripting Info disclosure, arbitrary fileupload resolution: update to J3.41F update notice:http://gmapfp.org/en/news-of-gmapfp/39-strengthening-of-the-security-component...

0.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/12/25 10:20 a.m.•14 views

Memberhsip Pro, versions before 2.1.1

Joomdonation extensions, Information Disclosure Memberhsip Pro versions before 2.1.1 Resolution: update to 2.1.1 Update notice URL: http://joomdonation.com/forum/membership-pro/50512-membership-pro-version-2-1-1-released.html...

0.9AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/12/25 10:20 a.m.•14 views

Joom Donation, versions before 4.1, Information Disclosure

Joomdonation extensions, Information Disclosure Joom Donation versions before 4.1 Resolution: update to 4.1 Update notice URL: http://joomdonation.com/forum/joom-donation/50513-joom-donation-version-4-1-released.html...

0.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/04/14 12:0 a.m.•14 views

Spider Form Maker by Web-Dorado [com_formmaker],3.4 and lower

Spider Form Maker by Web-Dorado comformmaker,3.4 and lower,SQL Injection Developer statement This vulnerability was fixed in version 3.4.1 and above. The version 3.4.1 was released on 2014-09-10...

4.4AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/09/26 3:41 a.m.•14 views

My Blog, 2.0.1 Build 286,

My Blog, 2.0.1 Build 286, SQL Injection...

1.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/06/01 9:29 p.m.•14 views

Master Password,

Master Password, 1.5 and any previous, Information Disclosure This extension appears to have been abandoned by the developer...

2.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/10/28 12:0 a.m.•14 views

[20111103] - Core - Password Change

Weak random number generation during password reset leads to possibility of changing a user's password...

7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/07/11 12:0 a.m.•14 views

[20110701] - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2008/10/03 12:0 a.m.•14 views

[20081101] - Core - com_content XSS vulnerability

The defaults on comcontent article submission allow entry of dangerous HTML tags script, etc. This only affects users with access level Author or higher, and only if you have not set filtering options in comcontent configuration...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/29 12:0 a.m.•13 views

[20260516] - Core - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.8AI score0.00154EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/21 12:0 a.m.•13 views

[20260519] - Framework - Inadequate content filtering within the checkAttribute filter code

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...

6.9CVSS5.8AI score0.00144EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/15 12:0 a.m.•13 views

[20260513] - Core - Privilege escalation through com_users batch task

An improper access check allows privlege escalation through the comusers batch task...

9.8CVSS5.8AI score0.00268EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/01 12:0 a.m.•13 views

[20260511] - Core - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

8.2CVSS5.8AI score0.00297EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/03/11 12:0 a.m.•13 views

[20260303] - Core - XSS vector in com_associations comparison view

Lack of output escaping leads to a XSS vector in the multilingual associations component...

8.4CVSS5.8AI score0.00216EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/09/29 12:0 a.m.•13 views

[20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins

Lack of output escaping leads to a XSS vector in the pagebreak and pagenavigation plugins...

8.4CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/08/16 10:38 p.m.•13 views

JS Jobs extension (v1.4.2)

JS Jobs extension v1.4.2 sqli...

7.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/08/29 12:0 a.m.•13 views

[20250101] - Core - XSS vectors in module chromes

Various module chromes didn't properly process inputs, leading to XSS vectors...

6.1CVSS5.9AI score0.00242EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/14 7:28 p.m.•13 views

kunena, 5.0.x - 5.1.14 ,XSS (Cross Site Scripting)

kunena, 5.0.x - 5.1.14 ,XSS Cross Site Scripting Developer statement https://www.kunena.org/blog/207-kunena-5-1-14-released...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/12/22 12:0 a.m.•13 views

Next Gen Editor,2.1.0,SQL Injection

Next Gen Editor, 2.1.0, SQL Injection and multiple other vulnerabilities resolution: update to version 2.2.0 update notice: http://nextgeneditor.com/index.php/en/support/forum/installation-issues/3957-new-security-release...

1.7AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/05 12:0 a.m.•13 views

Vik Rent Car 1.10 and previous

Vik Rent Car 1.10 and previous, SQL injection Resolution: update to 1.11 Update notice: https://extensionsforjoomla.com/blog/12-updates/46-security-notices-sql-injection-reports...

1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/16 12:2 p.m.•13 views

J-Hotel Portal,6.0.2,SQL Injection

J-Hotel Portal by cmsjunkie.com, 6.0.2, SQL Injection...

1.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/09 10:45 p.m.•13 views

Magic Deals Web by Jason Web Design,1.2.0,SQL Injection

Magic Deals Web by Jason Web Design, 1.2.0, SQL Injection...

1.7AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/01/11 12:0 a.m.•13 views

RSMonials,2.2 and previous,XSS (Cross Site Scripting)

RSMonials, 2.2 and previous versions, XSS Cross Site Scripting also insecure file upload...

2.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/12/25 10:20 a.m.•13 views

Eshop, versions before 1.4.4

Joomdonation extensions, Information Disclosure Eshop versions before 1.4.4 Resolution: update to 1.4.4 Update notice URL: http://joomdonation.com/forum/released-versions/50510-eshop-1-4-4-was-released-at-december-25-2015.html73480...

0.6AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/11/06 12:0 a.m.•13 views

cckseblod 1.x Directory Traversal

comcckseblod aka seblod 1.x for Joomla 1.5 1.9.0 and all previous versions Directory Traversal Resolution: update to 1.9.1 Update notice: http://www.seblod.com/changelogs?sebchangelogproduct=cck1x Developer states that Seblod 3.x, the version compatible with Joomla 2.5 and 3, is not vulnerable...

2.5AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/03/07 6:22 p.m.•13 views

Codels codehighlighter 1.4

Codels plgcontentcodehighlighter version 1.4 and previous. XSS Cross Site Scripting...

2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/06/01 9:28 p.m.•13 views

Jinc, all versions,

Jinc, all versions, XSS Cross Site Scripting UpdateNotice URL http://lhacky.altervista.org/jextensions/index.php/component/content/article/21-news/jinc/100-security-issue-on-jinc-1-0-1...

6.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/04/29 8:3 p.m.•13 views

civic crm 422

upload exploit /RFI 260413 developer http://civicrm.org/category/civicrm-blog-categories/civicrm-v43 release 4.3.1 Authors:...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/02/20 8:37 p.m.•13 views

MT Fire Eagle

LFI http://joomlacode.org/gf/project/jfireeagle/frs/http://www.moto-treks.com 190410 product considered retired and to be replaced by dev Authors:...

7.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/02/24 12:0 a.m.•12 views

EasyDiscuss by Stackideas,, , SQL Injection

EasyDiscuss by Stackideas,, , SQL Injection...

5.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/10/19 4:42 p.m.•12 views

Phoca commander

Name: Phoca Company: - Email: [email protected] Extension: Phoca Commander Version: Old 4.0.0, 5.0.1 / New 4.0.2, 5.0.3 Update details: No access for unzip feature as default Update URL: https://github.com/PhocaCz/PhocaCommander/releases/tag/5.0.2 Changelog URL: Download URL:...

7AI score
Exploits0
Total number of security vulnerabilities743