Lucene search
K
JoomlaMost viewed

743 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/02/25 12:0 a.m.•26 views

[20190302] - Core - XSS in item_title layout

The itemtitle layout in edit views lacks escaping, leading to a XSS vulnerability...

6.1CVSS1.7AI score0.00754EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/10/07 12:0 a.m.•26 views

[20190205] - Core - XSS Issue in core.js writeDynaList

Inadequate parameter handling in JS code could lead to an XSS attack vector...

6.1CVSS7.5AI score0.008EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/26 12:0 a.m.•26 views

[20181005] - Core - CSRF hardening in com_installer

Added additional CSRF hardening in cominstaller actions in the backend...

8.8CVSS8.6AI score0.0098EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/12/27 12:0 a.m.•26 views

[20181004] - Core - ACL Violation in com_users for the admin verification

In case that an attacker gets access to the mail account of an user who can approve admin verifications in the registration process he can activate himself...

8.8CVSS8.5AI score0.019EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/12/06 12:0 a.m.•26 views

JS Jobs,1.1.5 and all previous,SQL Injection

JS Jobs,1.1.5 and all previous,SQL Injection Resolution: update to version 1.1.6 Update notice: https://www.joomsky.com/products/js-jobs.htmlfive...

2.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/11/12 12:51 p.m.•26 views

AceShop, up to version 4.1.3,

AceShop, up to version 4.1.3, SQL Injection...

3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/09/16 8:37 p.m.•26 views

EuropaCart, 8.0.1 and below ,

EuropaCart, 8.0.1, Other - ACL @Kryptronic...

2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/09/05 12:0 a.m.•26 views

[20091103] - Core - Front-End Editor Issue

When logged into the front end with Author access, it was possible to replace an article written by another user...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2008/11/20 12:0 a.m.•26 views

[20090101] - Core - JSession SSL Session Disclosure

When running a site under SSL ONLY the entire site is forced to be under ssl, Joomla! does not set the SSL flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session. Please note that all data is still transferred securely...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/07/22 12:0 a.m.•25 views

[20240803] - Core - XSS in HTML Mail Templates

Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2...

6.1CVSS6.9AI score0.00252EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/06/30 12:0 a.m.•25 views

Phoca Gallery, 5.0.0, XSS (Cross Site Scripting)

Update to 4.4.3, 4.5.0,5.0.1...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/06/01 12:0 a.m.•25 views

HikaShop Joomla Plugin, , SQL Injection

anyone with access to the order management in the backend of HikaShop to be able to use a MySQL injection to extract data from the database. "payment methods" restriction setting to custom fields of the "order" table in HikaShop 4.4.1, so prior versions of HikaShop are not impacted...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•25 views

[20210303] - Core - XSS within alert messages showed to users

Missing filtering of messages showed to users that could lead to xss issues...

6.1CVSS7.6AI score0.00942EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/17 12:0 a.m.•25 views

[20190203] - Core - Additional warning in the Global Configuration textfilter settings

"No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog...

6.1CVSS7.8AI score0.00924EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/08 12:0 a.m.•25 views

[20180501] - Core - ACL violation in access levels

Inadequate checks allowed users to modify the access levels of user groups with higher permissions...

8.8CVSS4.6AI score0.0322EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/08/29 12:0 a.m.•25 views

LMS King Pro, SQL Injection

LMS King Lite and LMS King Professional by king-products.net, versions up to 3.2.3.19 lite and 3.2.3.47 pro, SQL Injection resolution: update to version 3.2.3.20 lite and 3.2.3.48 pro update notice url: https://www.king-products.net/lms-king.html...

1.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/07/19 12:0 a.m.•25 views

[20160803] - Core - CSRF

Add additional CSRF hardening in comjoomlaupdate...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/04/29 12:0 a.m.•25 views

[20160801] - Core - ACL Violation

Inadequate ACL checks in comcontent provide potential read access to data which should be access restricted to users with editown level...

6.6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/06/02 2:52 p.m.•25 views

Joomlaworks allvideos

Joomlaworks allvideos plugin version 4.5.0 and previous XSS cross-site scripting Extension Update Details The new 4.6.0 version released replaces the XSS affected JW Player v5 with the newest v6. UpdateNoticeURL http://www.joomlaworks.net/forum/extension-updates/14896-june-3rd,-2014-allvideos-v4-...

6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/06/21 5:54 a.m.•25 views

Unite Horizontal Carousel

Unite Horizontal Carousel, , Directory Traversal Updated the extension, fixed the bug, the new version is 1.1 UpdateNoticeURL http://unitecms.net/news...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/11/16 12:0 a.m.•25 views

[20120102] - Core - XSS Vulnerability

Inadequate filtering leads to XSS vulnerability...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/08/02 12:0 a.m.•25 views

[20110902] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in back end...

6.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/03/16 12:0 a.m.•24 views

[20260305] - Core - Arbitrary file deletion in com_joomlaupdate

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

8.6CVSS5.9AI score0.00454EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/02/19 12:0 a.m.•24 views

ccNewsletter 2.2.3 security release

there is a SQL injection issue in ccNewsletter. I advice everyone using a ccNewsletter version before 2.2.2 to upgrade! You can download ccNewsletter 2.2.3 from our downloads section here. https://www.chillcreations.com/downloads/ccnewsletterreltabs-145-notes...

8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/01/08 12:0 a.m.•24 views

Easy Discuss, 4.0.20, XSS

Easy Discuss by Stackideas, versions 4.0.20 and previous, XSS Resolution: update to 4.0.21 update notice: https://stackideas.com/blog/easydiscuss4021-update...

1.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/01/01 12:0 a.m.•24 views

User Bench 1.0, sql injection

User Bench by gegabyte.org, version 1.0, sql injection resolution: update to version 1.1 update notice: http://www.gegabyte.org/downloads/joomla-extensions/joomla3/components/307-user-bench...

1.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/27 12:0 a.m.•24 views

Quiz Deluxe,3.7.4,SQL Injection

Quiz Deluxe by joomplace, 3.7.4, SQL Injection resolution: update to 3.7.5 update notice: https://www.joomplace.com/blog/secure-your-quiz.html...

0.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/08/17 12:0 a.m.•24 views

Bye Bye Password,1.0.4,Information Disclosure

Bye Bye Password by Ready Bytes, versions 1.0.4 and previous, Information Disclosure Also the installer includes a tracking script...

1.9AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/08 12:0 a.m.•24 views

MultiTier,3.1,SQL Injection

MultiTier by Beesto.com, 3.1, SQL Injection...

2.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/06 12:0 a.m.•24 views

Canonical Url,4.1.1,SQL Injection

Canonical Url by CMSPlugin.com, 4.1.1, SQL Injection Resolution: update to 4.2.1 Update notice: https://www.cmsplugin.com/products/components/4-canonical-url...

0.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/02/02 12:0 a.m.•24 views

kunena,4.0.10,Information Disclosure

kunena,4.0.10,Information Disclosure Developers update link https://www.kunena.org/blog/166-kunena-4-0-11-released...

7.2AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/01/02 12:0 a.m.•24 views

[20170401] - Core - Information Disclosure

Mail sent using the JMail API leaked the used PHPMailer version in the mail headers...

5.3CVSS5.7AI score0.01129EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/05/21 12:0 a.m.•24 views

mod fancy tag cloud,1.017,Other

mod fancy tag cloud comofflajninstaller,1.017,Other resolution: update to version 1.020 update notice: http://fancytagcloud.demo.offlajn.com/index.php/security-update existing users may also need to fix folder permissions, please contact the developer for further information...

0.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/11/09 12:0 a.m.•24 views

JNews,8.5.1,SQL Injection

JNews, 8.5.1 and all previous, SQL Injection Resolution: update to 8.7.1 Update notice url: http://www.joobi.co/blog/jnews-8-7-released.html Note that due to discrepancy in developer's code between package and repository, some versions of previous security release 8.6.1 are still vulnerable...

1.3AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/27 12:0 a.m.•24 views

Kunena 4.0.2 xss resolution

This version is a security release and addresses most of the important issues that were discovered in K 4.0.1 Developer update statement http://www.kunena.org/blog/149-kunena-4-0-2-released developer @kunena did not inform VEL...

1.9AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/26 12:0 a.m.•24 views

BT Portfolio,3.0.5 and below,Other

BT Portfolio,3.0.5 and below,Other Resolution: update to 3.0.6 or later Update notice: http://bowthemes.com/bt-portfolio-version-3.0.6.4.6-released.html...

0.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/22 7:29 p.m.•24 views

Simple Image Gallery PRO, 3.0.7 and below, XSS (Cross Site Scripting)

Simple Image Gallery PRO plgcontentjwsigpro, 3.0.7 and below, XSS Cross Site Scripting...

1.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/20 4:49 p.m.•24 views

JB Library [jblibrary], 2.1.5 and below, XSS (Cross Site Scripting)

JB Library, 2.1.5 and below, XSS Cross Site Scripting...

1.5AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/04/14 7:21 p.m.•24 views

Creative Contact Form [com_creativecontactform],2.0.0 and previous

Creative Contact Form comcreativecontactform,2.0.0 and previous,Other Resolution: Update to latest release 3.0.x Notice of Resolution: http://creative-solutions.net/joomla/creative-contact-form...

0.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/12/29 1:48 p.m.•24 views

sbahjaoui contact 1.0

sbahjaoui contact version 1.0 SQL Injection Resolution: update to version 1.1 Update notice: http://www.sbahjaoui-info.com/en/extensions/category/10-sbahjaoui-contact.html ttweetfsubscribe...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/09/12 10:58 a.m.•24 views

Spider Contacts 1.3.6 SQLI

Joomla Spider Contacts 1.3.6 SQL Injection Developer update http://web-dorado.com/products/joomla-contacts.html...

7.8AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/08/04 12:0 a.m.•24 views

kunena 3.0.5 XSS and SQL Injection

kunena 3.0.5 XSS and SQL Injection Update notice http://www.kunena.org/blog/139-kunena-3-0-6-released...

0.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2012/03/12 12:0 a.m.•24 views

[20120303] - Core - Privilege Escalation

Programming error allows privilege escalation in some cases...

7.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/05/05 12:0 a.m.•24 views

[20090603] - Core - Frontend XSS

Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/01/29 12:0 a.m.•23 views

JS Jobs, 1.4.2, SQL Injection

JS Jobs Joomla - https://extensions.joomla.org/extension/js-jobs/ SQL injection SQLi Which versions are affected? 1.1.5 - 1.4.2...

4.7CVSS7.2AI score0.0908EPSS
Exploits1References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/07/22 12:0 a.m.•23 views

[20240804] - Core - Improper ACL for backend profile view

Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2...

7.5CVSS6.9AI score0.00354EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/06/03 12:0 a.m.•23 views

[20240702] - Core - Self-XSS in fancyselect list field layout

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...

5.4CVSS5.8AI score0.00424EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/10/07 12:0 a.m.•23 views

[20221002] - Core - RXSS through reflection of user input in headings

Joomla! CMS versions 4.0.0-4.2.3...

6.1CVSS2.7AI score0.00359EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•23 views

[20200701] - Core - CSRF in com_installer ajax_install endpoint

A missing token check in the ajaxinstall endpoint cominstaller causes a CSRF vulnerability...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/04/25 12:0 a.m.•23 views

Phoca Gallery,4.3.15 prior,Other

Phoca Gallery,4.3.15 prior,Other Update Notice URL https://www.phoca.cz/news/1029-phoca-gallery-4-3-17-released...

0.5AI score
Exploits0References1
Total number of security vulnerabilities743