Lucene search
K
JoomlaMost viewed

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•23 views

[20200701] - Core - CSRF in com_installer ajax_install endpoint

A missing token check in the ajaxinstall endpoint cominstaller causes a CSRF vulnerability...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/20 9:18 a.m.•23 views

J-CruiseReservation 6.0.2 sqli

new version number 6.0.4 UpdateNotice URL https://www.cmsjunkie.com/blog/cruise-reservations-update/...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/16 12:0 a.m.•23 views

[20190204] - Core - Stored XSS issue in the Global Configuration help url #2

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS...

6.1CVSS7.7AI score0.008EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/10/15 12:0 a.m.•23 views

CW Article Attachments (Pro Version), SQL Injection

CW Article Attachments Pro Version from cwjoomla.com, versions 2.1.0 and previous, SQL Injection resolution: update to 2.1.2 update notice: http://www.cwjoomla.com/download-cw-article-attachments...

2.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/12/15 3:30 p.m.•23 views

JBuildozer,1.4.1,SQL Injection

JBuildozer,1.4.1,SQL Injection...

1.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/10/03 12:0 a.m.•23 views

NS Download Shop, 2.2.6, SQL Injection

NS Download Shop, 2.2.6, SQL Injection Resolution: update to 2.2.8 Update notice: https://nswd.co/extensions/help-desk/security-release-v2-2-8...

0.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/07/08 12:0 a.m.•23 views

[20180507] - Core - Session deletion race condition

A long running background process, such as remote checks for core or extension updates, could create a race condition where a session which was expected to be destroyed would be recreated...

5.9CVSS2.3AI score0.01333EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/05/17 12:0 a.m.•23 views

[20171103] - Core - Information Disclosure

A logic bug in comfields exposed read-only information about a site's custom fields to unauthorized users...

4.3CVSS6.6AI score0.0153EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/04/06 12:0 a.m.•23 views

[20170704] - Core - Installer: Lack of Ownership Verification

The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control...

8.8CVSS8.4AI score0.02182EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/18 10:33 a.m.•23 views

Directorix Directory Manager,1.1.1,SQL Injection

Directorix Directory Manager,1.1.1,SQL Injection...

2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/12 12:0 a.m.•23 views

Joomloc-lite by joomloc.fr,1.3.3,SQL Injection

Joomloc-lite by joomloc.fr, 1.3.3, SQL Injection Resolution: update to 1.4.1 Update Notice URL http://www.joomloc.fr.nf/telecharger/file/joomloc-lite-free-3.html...

0.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/11 12:58 p.m.•23 views

Google Map Store Locator by Matamko,4.0,SQL Injection

Google Map Store Locator by Matamko, 4.0, SQL Injection...

1.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/08/31 12:0 a.m.•23 views

Huge IT Portfolio Gallery 1.0.7 and previous

Huge IT Portfolio Gallery 1.0.7 and previous Security updates connected with CSRF and XSS resolution: update to 1.1.0...

1.8AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/08/03 12:0 a.m.•23 views

K2,2.7.0,XSS (Cross Site Scripting)

K2,2.7.0,XSS Cross Site Scripting resolution: update to 2.7.1 update notice url: https://getk2.org/blog/2571-k2-v271-released Note that the VEL do not agree with the developer's assessment that XSS vulnerability is low priority...

0.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/07/26 12:0 a.m.•23 views

Payplans SQLi

SQL Injection In PayPlans. readybytes developer update notice. http://www.readybytes.net/blog/item/payplans-sql-injection-blog.html Community notified report...

0.9AI score
Exploits0References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/02/28 12:0 a.m.•23 views

[20170405] - Core - XSS Vulnerability

Inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component...

6.1CVSS1.5AI score0.00787EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/20 12:0 a.m.•23 views

AP Portfolio [mod_ap_portfolio], 3.3 and below, XSS (Cross Site Scripting)

AP Portfolio modapportfolio, 3.3.1 and below, XSS Cross Site Scripting Extension includes vulnerable JS library prettyPhoto Vulnerability fixed in version 3.3.2 Update notice:http://aplikko.com/joomla-extensions/ap-portfolio...

6.2AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/09/24 3:30 p.m.•23 views

JDownloads

unauthorized file upload vulnerable versions: below 1.9.1.6 Joomla 2.5 and below 1.9.2.11 Joomla 3 security release announcement: http://www.jdownloads.com/index.php?option=comcontent=article=231:urgent-security-update-for-19-series=51:news Note that the developer did not inform the VEL...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/08/07 9:6 p.m.•23 views

Joomla Multicalendar, 5.3.2 and previous versions,

Joomla Multicalendar, 5.3.2 and previous versions, XSS Cross Site Scripting UpdateNoticeURL http://www.joomlacalendars.com/faq/multi-view-calendar-for-joomlaq39...

6.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/03/08 11:6 a.m.•23 views

plg_highlight_content, 1.5 and previous

plghighlightcontent, 1.5 and previious versions, XSS Cross Site Scripting update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html...

6.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/02/27 1:4 a.m.•23 views

Google Maps plugin for Joomla, pre 3.1 and 2.20,

Google Maps plugin for Joomla, 3.1 and 2.20, XSS Cross Site Scripting joomla-base reumer.net developer statement A SECURITY RELEASE 3.1 of plugin Google Maps by Reumer is released and this must be applied to your Joomla installation...

6.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/02/06 12:0 a.m.•23 views

[20140301] - Core - SQL Injection

Inadequate escaping leads to SQL injection vulnerability...

8.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/11/02 3:56 p.m.•23 views

spider contact lite, sqli

spider contact lite , , as per http://vel.joomla.org/vel-blog/976-spider-contacts-1-3-3.html Extension Update Details We have fixed the vulnerability on Spider Contacts Lite. We have changed the version to 1.3.4 on JED and also added corresponding text to the description. UpdateNoticeURL...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2012/10/01 12:0 a.m.•23 views

[20121001] - Core - XSS Vulnerability

Typographical error leads to XSS vulnerability in language search component...

6.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2012/01/29 12:0 a.m.•23 views

[20120201] - Core - Information Disclosure

Inadequate validation leads to information disclosure in administrator...

6.4AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/10/21 12:0 a.m.•23 views

[20111101] - Core - XSS Vulnerability

Inadequate filtering leads to XSS vulnerability in back end...

6.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/08/02 12:0 a.m.•23 views

[20111002] - Core - Information Disclosure

Inadequate error checking causes potential information disclosure...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/10/13 12:0 a.m.•23 views

[20091103] - Core - XML File Read Issue

It is possible to read the contents of an extension's XML file and find the version number of the installed extension. This could allow people to exploit a known security flaws for a specific version of an extension...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/06/03 12:0 a.m.•23 views

[20090605] - Core - Frontend XSS - PHP_SELF not properly filtered

An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2008/09/07 12:0 a.m.•23 views

[20080901] - Core - JRequest Variable Injection

A flaw in JRequest exists where variables set with JRequest::setVar are not cleaned when fetching the variable at a later point in the request. This can result in variable injection unwanted characters injected into returned data...

7.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/04/09 12:0 a.m.•22 views

Convert Forms, 4.4.10, XSS (Cross Site Scripting)

New 5.0 Update details: All XSS and SQL reported issues have been fixed in the latest release 5.0 Update URL: https://www.tassos.gr/releases/convert-forms/convert-forms-5-0-0 Changelog URL: https://www.tassos.gr/releases/convert-forms/convert-forms-5-0-0...

7AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/12/10 12:0 a.m.•22 views

[20250201] - Core - SQL injection vulnerability in Scheduled Tasks component

Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of comscheduler...

6.7CVSS7.1AI score0.00415EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/11/08 12:0 a.m.•22 views

[20240202] - Core - Open redirect in installation application

Inadequate parsing of URLs could result into an open redirect...

4.3CVSS6.1AI score0.00537EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/09/30 12:0 a.m.•22 views

jCart for OpenCart, jCart for OpenCart 3.0.3.19, XSS (Cross Site Scripting)

Here is the link on our site: https://extensions.soft-php.com/support/latest-news/79-joocart-jcart-30325-release-notice.html...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/05/06 12:0 a.m.•22 views

[20220304] - Core - Missing input validation within com_fields class inputs

Lack of input validation could allow an XSS attack using comfields...

6.1CVSS3.5AI score0.00565EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/03/25 12:0 a.m.•22 views

acymailing, 6.9.2,Other

acymailing, 6.9.2,Other Update to version 6.9.2 Developer did not inform the VEL team...

3.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/12/23 12:0 a.m.•22 views

[20200101] - Core - CSRF in batch actions

Missing token checks in the batch actions of various components causes CSRF vulnerabilities...

8.8CVSS8.4AI score0.00452EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/14 12:0 a.m.•22 views

oziogallery,5.0.1,XSS (Cross Site Scripting)

oziogallery,5.0.1,XSS Cross Site Scripting Update Notice URL https://www.facebook.com/groups/oziogallery/permalink/1588619457938122/ Change log Url https://www.opensourcesolutions.es/en/ext/ozio-gallery.htmlChangelog...

Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/25 11:1 a.m.•22 views

All Regular Labs extensions with editor buttons

All Regular Labs extensions with editor buttons, versions before 7 September 2018, cross site scripting XSS:- - Articles Anywhere - Conditional Content - Dummy Content - Modals - Modules Anywhere - Sliders - Snippets - Tabs - Tooltips The editor button popup urls could potentially be used...

6.5AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/01/31 12:0 a.m.•22 views

JCE Editor,2.6.25, XSS (Cross Site Scripting)

JCE Editor Pro, Version 2.6.25 only, XSS Cross Site Scripting Resolution: update to 2.6.26 Update notice: https://www.joomlacontenteditor.net/news/jce-pro-2-6-26-released...

6.2AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/10/24 12:0 a.m.•22 views

HDW Player,4.0.0, RCE

HDW Player,4.0.0 and all other versions, remote code execution Note that this vulnerabilitiy was supposedly fixed by the developer in version 3.2.2, the fact that this issue has arisen again suggests that the developer is aware of it and has created a deliberate back door. The VEL believe that th...

4.7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/10/11 12:0 a.m.•22 views

Ajax Quiz by Webkul,2.0,SQL Injection

Ajax Quiz by Webkul, 2.0 and previous, SQL Injection Resolution: update to version 2.1 Update notice: https://store.webkul.com/AjaxQuiz.html...

2.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/01 12:0 a.m.•22 views

HikaShop Business,3.1.0,SQL Injection

HikaShop Business,3.1.0,SQL Injection new version number 3.1.1 Update Notice URL https://www.hikashop.com/home/blog/373-security-release-for-hikashop-business.html...

7.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/04/26 12:0 a.m.•22 views

[20170705] - Core - XSS Vulnerability

Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components...

6.1CVSS7.1AI score0.00965EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/21 11:51 p.m.•22 views

Membership Pro and other OS Solution extensions

Os Solution products have fixed an issue in the Paypal payment gateway in five of their extensions and made new releases to fix it:- 1. Events Booking version 2.14.2 https://www.joomdonation.com/forum/events-booking-general-discussion/57320-events-booking-version-2-14-2-released.html 2...

1.8AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/21 12:0 a.m.•22 views

[20170403] - Core - XSS Vulnerability

Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components...

6.1CVSS6.2AI score0.01333EPSS
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/02/02 12:0 a.m.•22 views

Virtuemart 3.0.10 and previous

XSS Resolution: update to 3.0.12 or 2.6.22 for VM2 users Update notice: http://virtuemart.net/news/latest-news/473-security-release-virtuemart-3-0-12 Note that developer did not inform the VEL...

7.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/12/28 12:0 a.m.•22 views

JMS Support Online module, 2.0.0, XSS (Cross Site Scripting)

JMS Support Online module,2.0.0,XSS Cross Site Scripting...

0.9AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/09/27 12:0 a.m.•22 views

Huge IT Slider,1.0.9,SQL Injection

Huge IT Slider,1.0.9,SQL Injection Resolution: update to 1.1.0 update notice: https://huge-it.com/joomla-extensions-security-notice/...

0.6AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/02/05 12:0 a.m.•22 views

[20170701] - Core - Information Disclosure

Improper cache invalidation leads to disclosure of form contents...

7.5CVSS7.2AI score0.02303EPSS
Exploits0Affected Software1
Total number of security vulnerabilities747