Lucene search
K
JoomlaMost viewed

743 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/04/08 12:0 a.m.•30 views

[20150601] - Core - Open Redirect

Inadequate checking of the return value allowed to redirect to an external page...

6.1CVSS6.2AI score0.00714EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/01/26 12:6 p.m.•30 views

Solidres previous to 8.0.0

Solidres previous to 8.0.0 SQL Injection Update to 8.0.0 Update notice URL http://www.solidres.com/blog/2015/01/26/solidres-0-8-0-released/...

0.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2012/03/08 12:0 a.m.•30 views

[20120305] - Core - Password Change

Insufficient randomness leads to password reset vulnerability...

7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2010/01/07 12:0 a.m.•30 views

[20100423] - Core - Password Reset Tokens

When a user requests a password reset, the reset tokens were stored in plain text in the database. While this is not a vulnerability in itself, it allows user accounts to be compromised if there is an extension on the site with an SQL injection vulnerability...

7.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/04/30 12:0 a.m.•30 views

[20090601] - Core - com_users XSS

A XSS vulnerability exists in the user view of comusers in the administrator panel...

6.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/07/22 12:0 a.m.•29 views

[20240805] - Core - XSS vectors in Outputfilter::strip* methods

The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors...

6.1CVSS5.9AI score0.00252EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/10/13 12:0 a.m.•29 views

[20221001] - Core - Disclosure of critical information in debug mode

Joomla 4 sites with publicly enabled debug mode exposed data of previous requests...

5.3CVSS6AI score0.00502EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/02/18 12:0 a.m.•29 views

adblock detector nordmograph

Malicious script New in 2.1 : Miner feature discontinued This is a security release for the 3.x series of Joomla! This release fixes one low level security issues...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/01/03 12:0 a.m.•29 views

[20210402] - Core - Inadequate filters on module layout settings

Inadequate filters on module layout settings could lead to an LFI...

5.3CVSS2.9AI score0.01188EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/10/25 12:0 a.m.•29 views

[20210307] - Core - ACL violation within com_content frontend editing

Incorrect ACL checks could allow unauthorized change of the category for an article...

5.3CVSS7.1AI score0.0108EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/06/08 12:0 a.m.•29 views

[20200705] - Core - Escape mod_random_image link

Lack of input filtering and escaping allows XSS attacks in modrandomimage...

6.1CVSS5.8AI score0.03185EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/12/18 12:0 a.m.•29 views

[20200102] - Core - CSRF com_templates LESS compiler

A missing CSRF token check in the LESS compiler of comtemplates causes a CSRF vulnerability...

8.8CVSS8.3AI score0.00845EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/08 12:0 a.m.•29 views

JS support ticket,1.1.5,Directory Traversal

JS support ticket,1.1.5,Directory Traversal resolution: update to 1.1.6 update notice: https://joomsky.com/products/js-ticket-joomla.html...

7.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/11/13 12:0 a.m.•29 views

[20190201] - Core - Lack of URL filtering in various core components

Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability...

6.1CVSS7.3AI score0.008EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/05/07 12:0 a.m.•29 views

[20180602] - Core - XSS vulnerability in language switcher module

In some cases the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page url...

6.1CVSS7.3AI score0.01413EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/14 12:0 a.m.•29 views

Survey Force Deluxe,3.2.4,SQL Injection

Survey Force Deluxe by Joomplace, 3.2.4, SQL Injection resolution: update to 3.2.5 update notice: https://www.joomplace.com/blog/survey-3-2-5-patch.html...

0.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/22 12:0 a.m.•29 views

[20170703] - Core - XSS Vulnerability

Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components...

6.1CVSS6.2AI score0.01333EPSS
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/08/19 12:0 a.m.•29 views

J-BusinessDirectory 4.5.4 and previous

J-BusinessDirectory 4.5.4 and previous sql injection resolution: update to 4.5.5 update notice: http://www.cmsjunkie.com/blog/joomlabusinessdirectory4-5-5release/...

1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/02/29 12:0 a.m.•29 views

Breezing Forms Full

Breezing Forms Full before build 884 Information disclosure Resolution: update to latest version Update notice: https://crosstec.org/en/blog/859-breezingforms-medium-security-update.html...

0.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/09/03 12:0 a.m.•29 views

JEvents, pre 3.2.20

Extension: JEvents from jevents.net Vulnerability: SQL injection Versions affected prior to 3.2.20 Resolution: update to 3.2.20 - JEvents 3.4.0RC6 is also available for Joomla 3.4+ which fixes the same security issue. Update notice URL: https://www.jevents.net/component/zoo/item/jevents-33...

2.7AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2008/08/12 12:0 a.m.•29 views

[20080801] - Core - Password Remind Functionality

A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user lowest id. Typically, this is an administrator user. Note, that changing the first users username may...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/06/08 12:0 a.m.•28 views

[20240703] - Core - XSS in StringHelper::truncate method

Improper handling of input could lead to an XSS vector in the StringHelper::truncate method...

6.1CVSS5.8AI score0.00442EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/10/28 12:0 a.m.•28 views

[20221101] - Core - RXSS through reflection of user input in com_media

Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...

6.1CVSS6.4AI score0.00455EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/01/13 12:0 a.m.•28 views

[20210302] - Core - Potential Insecure FOFEncryptRandval

The core shipped but unused randval implementation within FOF FOFEncryptRandval used an potential insecure implemetation. That has now been replaced with a call to "randombytes" and its backport that is shipped within randomcompat...

9.1CVSS8.9AI score0.01567EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/01/12 12:0 a.m.•28 views

[20210301] - Core - Insecure randomness within 2FA secret generation

Usage of the insecure rand function within the process of generating the 2FA secret.Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes...

7.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/09 12:0 a.m.•28 views

Easy Discuss 4.1.9 SQL Injection

Easy Discuss 4.1.9 by Stack Ideas, SQL Injection Resolution: update to 4.1.10 update notice: https://stackideas.com/blog/important-security-update-for-easydiscuss4-1-10...

7.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/02/02 12:0 a.m.•28 views

[20180505] - Core - XSS Vulnerabilities & additional hardening

Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack...

4.8CVSS3.5AI score0.0105EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/11/17 12:0 a.m.•28 views

[20180103] - Core - XSS vulnerability in Uri class

Inadequate input filtering in the Uri class formerly JUri leads to a XSS vulnerability...

6.1CVSS7.3AI score0.02031EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/05 12:0 a.m.•28 views

Vik Rent Items 1.3 and previous

Vik Rent Items 1.3 and previous SQL injection Resolution:update to version 1.4 Update notice: https://extensionsforjoomla.com/blog/12-updates/46-security-notices-sql-injection-reports...

2AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/05/06 12:0 a.m.•28 views

Yeeditor, abandonware

Yeeditor from Yeedeen development apparently abandoned, developer's site is infected with malware All versions prior to 1.0.7 contain file upload vulnerability...

3.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/04/29 12:0 a.m.•28 views

[20170406] - Core - ACL Violations

Inadequate filtering of form contents lead allow to overwrite the author of an article...

5.3CVSS3.4AI score0.00998EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/04/15 12:0 a.m.•28 views

[20161203] - Core - Information Disclosure

Inadequate ACL checks in the Beez3 comcontent article layout override enables a user to view restricted content...

7.5CVSS2.1AI score0.01363EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/05/05 11:48 p.m.•28 views

bo:VideoJS, 2.1.1,

bo:VideoJS, 2.1.1, xss From developerhttp://www.boeschung.de/en/joomla/bo-videojs/video-js-v320...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2012/01/07 12:0 a.m.•28 views

[20120101] - Core - Information Disclosure

Inadequate filtering leads to information disclosure...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/05/23 12:0 a.m.•27 views

[20240802] - Core - Cache Poisoning in Pagination

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors...

9.1CVSS5.9AI score0.00441EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/01/09 12:0 a.m.•27 views

[20240203] - Core - XSS in media selection fields

Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions...

6.1CVSS5.8AI score0.00513EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/09/28 12:0 a.m.•27 views

Balbooa Forms, 2.0.6 (not tested on others), SQL Injection

Balbooa Forms, 2.0.6 , SQL Injection...

3.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/22 12:0 a.m.•27 views

jDownloads,3.2.64,SQL Injection

jDownloads,3.2.64,SQL Injection Developers update http://www.jdownloads.com/index.php/downloads/download/6-jdownloads/2-jdownloads-3-2.htmljd65...

7.5AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/02/28 12:0 a.m.•27 views

[20190304] - Core - Missing ACL check in sample data plugins

The sample data plugins lack ACL checks, allowing unauthorized access...

7.5CVSS3.6AI score0.01686EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/04/27 12:0 a.m.•27 views

[20180503] - Core - Information Disclosure about unpublished tags

Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission...

4.3CVSS6.9AI score0.01446EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/04/03 12:0 a.m.•27 views

JobGrok,versions 3.1, SQL Injection

JobGrok Listing - V3.1-1.2.58 and prior was vulnerable - comjobgroklist Resolution: update to V3.1-1.2.59 JobGrok Application - V3.1-1.2.55 and prior was vulnerable - comjobgrokapp Resolution: update to V3.1-1.2.56 JobGrok Premium - V3.1-1.6.69 and prior was vulnerable - comjobgrok Resolution:...

1.7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/09 11:1 p.m.•27 views

Eventix Events Calendar by Informafix,1.0,SQL Injection

Eventix Events Calendar by Informafix, 1.0, SQL Injection...

2.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/01/04 12:0 a.m.•27 views

Kunena, 5.0.2 and newer, XSS (Cross Site Scripting)

Kunena,5.0.2 and newer,XSS Cross Site Scripting resolutiion: update to 5.0.5 update notice: https://www.kunena.org/forum/announcement/id-107...

0.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/12/23 12:0 a.m.•27 views

[20170402] - Core - XSS Vulnerability

Inadequate filtering leads to XSS in the template manager component...

6.1CVSS1.6AI score0.00787EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/25 12:0 a.m.•27 views

Contus HD Video Share (aka HDVideoShare) by Apptha [com_contushdvideoshare], 3.5 and below, Directory Traversal

Contus HD Video Share by Apptha comcontushdvideoshare, 3.5 and below, Directory Traversal...

3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/22 12:0 a.m.•27 views

BK Multithumb for Joomla 1.5, 2.5.0.4, XSS (Cross Site Scripting)

BK-Multithumb for Joomla 1.5, 2.5.0.4, XSS Cross Site Scripting Extension contains known vulnerable version of JS library prettyPhoto The vulnerability in JS file was patched by extension author on basis of 3.1.2 file. Update notice: http://joomla.rjews.net/bk-multithumb...

6.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/20 4:54 p.m.•27 views

Zen Library [zen], 1.0.2 and below, XSS (Cross Site Scripting)

Zen Library zen, 1.0.2, XSS Cross Site Scripting...

6.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/02/28 12:0 a.m.•26 views

[20230501] - Core - Open Redirects and XSS within the mfa selection

Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen...

6.1CVSS6.8AI score0.00406EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/02/07 12:0 a.m.•26 views

J-BusinessDirectory, 5.7.7 and prior, Other

In the J-BusinessDirectory version 5.8.3 we have updated guzzlehttp to the latest version, 7.5.0 and to PSR 2.1.5...

1.6AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/09/23 12:0 a.m.•26 views

[20220303] - Core - User row are not bound to a authentication mechanism

A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover...

9.8CVSS3.8AI score0.01098EPSS
Exploits0Affected Software1
Total number of security vulnerabilities743