Lucene search
K
JoomlaMost viewed

725 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/09 11:1 p.m.•26 views

Eventix Events Calendar by Informafix,1.0,SQL Injection

Eventix Events Calendar by Informafix, 1.0, SQL Injection...

2.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/01/04 12:0 a.m.•26 views

Kunena, 5.0.2 and newer, XSS (Cross Site Scripting)

Kunena,5.0.2 and newer,XSS Cross Site Scripting resolutiion: update to 5.0.5 update notice: https://www.kunena.org/forum/announcement/id-107...

0.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/22 12:0 a.m.•26 views

BK Multithumb for Joomla 1.5, 2.5.0.4, XSS (Cross Site Scripting)

BK-Multithumb for Joomla 1.5, 2.5.0.4, XSS Cross Site Scripting Extension contains known vulnerable version of JS library prettyPhoto The vulnerability in JS file was patched by extension author on basis of 3.1.2 file. Update notice: http://joomla.rjews.net/bk-multithumb...

6.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/20 4:54 p.m.•26 views

Zen Library [zen], 1.0.2 and below, XSS (Cross Site Scripting)

Zen Library zen, 1.0.2, XSS Cross Site Scripting...

6.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/09/16 8:37 p.m.•26 views

EuropaCart, 8.0.1 and below ,

EuropaCart, 8.0.1, Other - ACL @Kryptronic...

2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/09/05 12:0 a.m.•26 views

[20091103] - Core - Front-End Editor Issue

When logged into the front end with Author access, it was possible to replace an article written by another user...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2008/11/20 12:0 a.m.•26 views

[20090101] - Core - JSession SSL Session Disclosure

When running a site under SSL ONLY the entire site is forced to be under ssl, Joomla! does not set the SSL flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session. Please note that all data is still transferred securely...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/07/22 12:0 a.m.•25 views

[20240803] - Core - XSS in HTML Mail Templates

Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2...

6.1CVSS6.9AI score0.00252EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/06/30 12:0 a.m.•25 views

Phoca Gallery, 5.0.0, XSS (Cross Site Scripting)

Update to 4.4.3, 4.5.0,5.0.1...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/06/01 12:0 a.m.•25 views

HikaShop Joomla Plugin, , SQL Injection

anyone with access to the order management in the backend of HikaShop to be able to use a MySQL injection to extract data from the database. "payment methods" restriction setting to custom fields of the "order" table in HikaShop 4.4.1, so prior versions of HikaShop are not impacted...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•25 views

[20210303] - Core - XSS within alert messages showed to users

Missing filtering of messages showed to users that could lead to xss issues...

6.1CVSS7.6AI score0.00942EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/17 12:0 a.m.•25 views

[20190203] - Core - Additional warning in the Global Configuration textfilter settings

"No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog...

6.1CVSS7.8AI score0.00924EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/08 12:0 a.m.•25 views

[20180501] - Core - ACL violation in access levels

Inadequate checks allowed users to modify the access levels of user groups with higher permissions...

8.8CVSS4.6AI score0.0322EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/08/29 12:0 a.m.•25 views

LMS King Pro, SQL Injection

LMS King Lite and LMS King Professional by king-products.net, versions up to 3.2.3.19 lite and 3.2.3.47 pro, SQL Injection resolution: update to version 3.2.3.20 lite and 3.2.3.48 pro update notice url: https://www.king-products.net/lms-king.html...

1.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/12/06 12:0 a.m.•25 views

JS Jobs,1.1.5 and all previous,SQL Injection

JS Jobs,1.1.5 and all previous,SQL Injection Resolution: update to version 1.1.6 Update notice: https://www.joomsky.com/products/js-jobs.htmlfive...

2.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/11/12 12:51 p.m.•25 views

AceShop, up to version 4.1.3,

AceShop, up to version 4.1.3, SQL Injection...

3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/06/02 2:52 p.m.•25 views

Joomlaworks allvideos

Joomlaworks allvideos plugin version 4.5.0 and previous XSS cross-site scripting Extension Update Details The new 4.6.0 version released replaces the XSS affected JW Player v5 with the newest v6. UpdateNoticeURL http://www.joomlaworks.net/forum/extension-updates/14896-june-3rd,-2014-allvideos-v4-...

6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/06/21 5:54 a.m.•25 views

Unite Horizontal Carousel

Unite Horizontal Carousel, , Directory Traversal Updated the extension, fixed the bug, the new version is 1.1 UpdateNoticeURL http://unitecms.net/news...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/08/02 12:0 a.m.•25 views

[20110902] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in back end...

6.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/03/16 12:0 a.m.•24 views

[20260305] - Core - Arbitrary file deletion in com_joomlaupdate

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

8.6CVSS5.9AI score0.00454EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/02/19 12:0 a.m.•24 views

ccNewsletter 2.2.3 security release

there is a SQL injection issue in ccNewsletter. I advice everyone using a ccNewsletter version before 2.2.2 to upgrade! You can download ccNewsletter 2.2.3 from our downloads section here. https://www.chillcreations.com/downloads/ccnewsletterreltabs-145-notes...

8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/01/08 12:0 a.m.•24 views

Easy Discuss, 4.0.20, XSS

Easy Discuss by Stackideas, versions 4.0.20 and previous, XSS Resolution: update to 4.0.21 update notice: https://stackideas.com/blog/easydiscuss4021-update...

1.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/27 12:0 a.m.•24 views

Quiz Deluxe,3.7.4,SQL Injection

Quiz Deluxe by joomplace, 3.7.4, SQL Injection resolution: update to 3.7.5 update notice: https://www.joomplace.com/blog/secure-your-quiz.html...

0.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/08/17 12:0 a.m.•24 views

Bye Bye Password,1.0.4,Information Disclosure

Bye Bye Password by Ready Bytes, versions 1.0.4 and previous, Information Disclosure Also the installer includes a tracking script...

1.9AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/08 12:0 a.m.•24 views

MultiTier,3.1,SQL Injection

MultiTier by Beesto.com, 3.1, SQL Injection...

2.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/06 12:0 a.m.•24 views

Canonical Url,4.1.1,SQL Injection

Canonical Url by CMSPlugin.com, 4.1.1, SQL Injection Resolution: update to 4.2.1 Update notice: https://www.cmsplugin.com/products/components/4-canonical-url...

0.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/01/02 12:0 a.m.•24 views

[20170401] - Core - Information Disclosure

Mail sent using the JMail API leaked the used PHPMailer version in the mail headers...

5.3CVSS5.7AI score0.01129EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/07/19 12:0 a.m.•24 views

[20160803] - Core - CSRF

Add additional CSRF hardening in comjoomlaupdate...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/05/21 12:0 a.m.•24 views

mod fancy tag cloud,1.017,Other

mod fancy tag cloud comofflajninstaller,1.017,Other resolution: update to version 1.020 update notice: http://fancytagcloud.demo.offlajn.com/index.php/security-update existing users may also need to fix folder permissions, please contact the developer for further information...

0.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/04/29 12:0 a.m.•24 views

[20160801] - Core - ACL Violation

Inadequate ACL checks in comcontent provide potential read access to data which should be access restricted to users with editown level...

6.6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/11/16 12:0 a.m.•24 views

[20120102] - Core - XSS Vulnerability

Inadequate filtering leads to XSS vulnerability...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/05/05 12:0 a.m.•24 views

[20090603] - Core - Frontend XSS

Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/06/03 12:0 a.m.•23 views

[20240702] - Core - Self-XSS in fancyselect list field layout

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...

5.4CVSS5.8AI score0.00424EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/10/07 12:0 a.m.•23 views

[20221002] - Core - RXSS through reflection of user input in headings

Joomla! CMS versions 4.0.0-4.2.3...

6.1CVSS2.7AI score0.00359EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•23 views

[20200701] - Core - CSRF in com_installer ajax_install endpoint

A missing token check in the ajaxinstall endpoint cominstaller causes a CSRF vulnerability...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/04/25 12:0 a.m.•23 views

Phoca Gallery,4.3.15 prior,Other

Phoca Gallery,4.3.15 prior,Other Update Notice URL https://www.phoca.cz/news/1029-phoca-gallery-4-3-17-released...

0.5AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/02/04 4:30 p.m.•23 views

Easy Shop ,1.2.3 ,Other

Easy Shop ,1.2.3 ,Other Developer update 1.2.4 https://www.joomtech.net/blog/easyshop-1-2-4-security-issues-fixed Developer did not tellvel...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/16 12:0 a.m.•23 views

[20190204] - Core - Stored XSS issue in the Global Configuration help url #2

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS...

6.1CVSS7.7AI score0.008EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/10/15 12:0 a.m.•23 views

CW Article Attachments (Pro Version), SQL Injection

CW Article Attachments Pro Version from cwjoomla.com, versions 2.1.0 and previous, SQL Injection resolution: update to 2.1.2 update notice: http://www.cwjoomla.com/download-cw-article-attachments...

2.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/01/01 12:0 a.m.•23 views

User Bench 1.0, sql injection

User Bench by gegabyte.org, version 1.0, sql injection resolution: update to version 1.1 update notice: http://www.gegabyte.org/downloads/joomla-extensions/joomla3/components/307-user-bench...

1.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/12/15 3:30 p.m.•23 views

JBuildozer,1.4.1,SQL Injection

JBuildozer,1.4.1,SQL Injection...

1.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/10/03 12:0 a.m.•23 views

NS Download Shop, 2.2.6, SQL Injection

NS Download Shop, 2.2.6, SQL Injection Resolution: update to 2.2.8 Update notice: https://nswd.co/extensions/help-desk/security-release-v2-2-8...

0.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/07/08 12:0 a.m.•23 views

[20180507] - Core - Session deletion race condition

A long running background process, such as remote checks for core or extension updates, could create a race condition where a session which was expected to be destroyed would be recreated...

5.9CVSS2.3AI score0.01333EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/05/17 12:0 a.m.•23 views

[20171103] - Core - Information Disclosure

A logic bug in comfields exposed read-only information about a site's custom fields to unauthorized users...

4.3CVSS6.6AI score0.0153EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/04/06 12:0 a.m.•23 views

[20170704] - Core - Installer: Lack of Ownership Verification

The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control...

8.8CVSS8.4AI score0.02182EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/18 10:33 a.m.•23 views

Directorix Directory Manager,1.1.1,SQL Injection

Directorix Directory Manager,1.1.1,SQL Injection...

2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/12 12:0 a.m.•23 views

Joomloc-lite by joomloc.fr,1.3.3,SQL Injection

Joomloc-lite by joomloc.fr, 1.3.3, SQL Injection Resolution: update to 1.4.1 Update Notice URL http://www.joomloc.fr.nf/telecharger/file/joomloc-lite-free-3.html...

0.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/11 12:58 p.m.•23 views

Google Map Store Locator by Matamko,4.0,SQL Injection

Google Map Store Locator by Matamko, 4.0, SQL Injection...

1.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/02/02 12:0 a.m.•23 views

kunena,4.0.10,Information Disclosure

kunena,4.0.10,Information Disclosure Developers update link https://www.kunena.org/blog/166-kunena-4-0-11-released...

7.2AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/02/28 12:0 a.m.•23 views

[20170405] - Core - XSS Vulnerability

Inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component...

6.1CVSS1.5AI score0.00787EPSS
Exploits0Affected Software1
Total number of security vulnerabilities725