Lucene search
K
JoomlaMost viewed

725 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/04/06 12:0 a.m.•23 views

[20170704] - Core - Installer: Lack of Ownership Verification

The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control...

8.8CVSS8.4AI score0.02182EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/18 10:33 a.m.•23 views

Directorix Directory Manager,1.1.1,SQL Injection

Directorix Directory Manager,1.1.1,SQL Injection...

2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/12 12:0 a.m.•23 views

Joomloc-lite by joomloc.fr,1.3.3,SQL Injection

Joomloc-lite by joomloc.fr, 1.3.3, SQL Injection Resolution: update to 1.4.1 Update Notice URL http://www.joomloc.fr.nf/telecharger/file/joomloc-lite-free-3.html...

0.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/11 12:58 p.m.•23 views

Google Map Store Locator by Matamko,4.0,SQL Injection

Google Map Store Locator by Matamko, 4.0, SQL Injection...

1.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/08/31 12:0 a.m.•23 views

Huge IT Portfolio Gallery 1.0.7 and previous

Huge IT Portfolio Gallery 1.0.7 and previous Security updates connected with CSRF and XSS resolution: update to 1.1.0...

1.8AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/08/03 12:0 a.m.•23 views

K2,2.7.0,XSS (Cross Site Scripting)

K2,2.7.0,XSS Cross Site Scripting resolution: update to 2.7.1 update notice url: https://getk2.org/blog/2571-k2-v271-released Note that the VEL do not agree with the developer's assessment that XSS vulnerability is low priority...

0.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/07/26 12:0 a.m.•23 views

Payplans SQLi

SQL Injection In PayPlans. readybytes developer update notice. http://www.readybytes.net/blog/item/payplans-sql-injection-blog.html Community notified report...

0.9AI score
Exploits0References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/02/28 12:0 a.m.•23 views

[20170405] - Core - XSS Vulnerability

Inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component...

6.1CVSS1.5AI score0.00787EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/20 12:0 a.m.•23 views

AP Portfolio [mod_ap_portfolio], 3.3 and below, XSS (Cross Site Scripting)

AP Portfolio modapportfolio, 3.3.1 and below, XSS Cross Site Scripting Extension includes vulnerable JS library prettyPhoto Vulnerability fixed in version 3.3.2 Update notice:http://aplikko.com/joomla-extensions/ap-portfolio...

6.2AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/04/14 7:21 p.m.•23 views

Creative Contact Form [com_creativecontactform],2.0.0 and previous

Creative Contact Form comcreativecontactform,2.0.0 and previous,Other Resolution: Update to latest release 3.0.x Notice of Resolution: http://creative-solutions.net/joomla/creative-contact-form...

0.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/12/29 1:48 p.m.•23 views

sbahjaoui contact 1.0

sbahjaoui contact version 1.0 SQL Injection Resolution: update to version 1.1 Update notice: http://www.sbahjaoui-info.com/en/extensions/category/10-sbahjaoui-contact.html ttweetfsubscribe...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/09/24 3:30 p.m.•23 views

JDownloads

unauthorized file upload vulnerable versions: below 1.9.1.6 Joomla 2.5 and below 1.9.2.11 Joomla 3 security release announcement: http://www.jdownloads.com/index.php?option=comcontent=article=231:urgent-security-update-for-19-series=51:news Note that the developer did not inform the VEL...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/09/12 10:58 a.m.•23 views

Spider Contacts 1.3.6 SQLI

Joomla Spider Contacts 1.3.6 SQL Injection Developer update http://web-dorado.com/products/joomla-contacts.html...

7.8AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/08/04 12:0 a.m.•23 views

kunena 3.0.5 XSS and SQL Injection

kunena 3.0.5 XSS and SQL Injection Update notice http://www.kunena.org/blog/139-kunena-3-0-6-released...

0.9AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/03/08 11:6 a.m.•23 views

plg_highlight_content, 1.5 and previous

plghighlightcontent, 1.5 and previious versions, XSS Cross Site Scripting update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html...

6.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/02/27 1:4 a.m.•23 views

Google Maps plugin for Joomla, pre 3.1 and 2.20,

Google Maps plugin for Joomla, 3.1 and 2.20, XSS Cross Site Scripting joomla-base reumer.net developer statement A SECURITY RELEASE 3.1 of plugin Google Maps by Reumer is released and this must be applied to your Joomla installation...

6.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/10/13 12:0 a.m.•23 views

[20091103] - Core - XML File Read Issue

It is possible to read the contents of an extension's XML file and find the version number of the installed extension. This could allow people to exploit a known security flaws for a specific version of an extension...

6.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/06/03 12:0 a.m.•23 views

[20090605] - Core - Frontend XSS - PHP_SELF not properly filtered

An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2008/09/07 12:0 a.m.•23 views

[20080901] - Core - JRequest Variable Injection

A flaw in JRequest exists where variables set with JRequest::setVar are not cleaned when fetching the variable at a later point in the request. This can result in variable injection unwanted characters injected into returned data...

7.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/04/09 12:0 a.m.•22 views

Convert Forms, 4.4.10, XSS (Cross Site Scripting)

New 5.0 Update details: All XSS and SQL reported issues have been fixed in the latest release 5.0 Update URL: https://www.tassos.gr/releases/convert-forms/convert-forms-5-0-0 Changelog URL: https://www.tassos.gr/releases/convert-forms/convert-forms-5-0-0...

7AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/01/29 12:0 a.m.•22 views

JS Jobs, 1.4.2, SQL Injection

JS Jobs Joomla - https://extensions.joomla.org/extension/js-jobs/ SQL injection SQLi Which versions are affected? 1.1.5 - 1.4.2...

4.7CVSS7.2AI score0.0908EPSS
Exploits1References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/12/10 12:0 a.m.•22 views

[20250201] - Core - SQL injection vulnerability in Scheduled Tasks component

Joomla! CMS versions 4.1.0-4.4.10, 5.0.0-5.2.3...

6.7CVSS6.4AI score0.00415EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/07/22 12:0 a.m.•22 views

[20240804] - Core - Improper ACL for backend profile view

Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2...

7.5CVSS6.9AI score0.00354EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/11/08 12:0 a.m.•22 views

[20240202] - Core - Open redirect in installation application

Joomla! CMS versions 1.5.0 - 3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2...

4.3CVSS7.1AI score0.00537EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/09/30 12:0 a.m.•22 views

jCart for OpenCart, jCart for OpenCart 3.0.3.19, XSS (Cross Site Scripting)

Here is the link on our site: https://extensions.soft-php.com/support/latest-news/79-joocart-jcart-30325-release-notice.html...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/05/06 12:0 a.m.•22 views

[20220304] - Core - Missing input validation within com_fields class inputs

Lack of input validation could allow an XSS attack using comfields...

6.1CVSS3.5AI score0.00565EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/12/23 12:0 a.m.•22 views

[20200101] - Core - CSRF in batch actions

Missing token checks in the batch actions of various components causes CSRF vulnerabilities...

8.8CVSS8.4AI score0.00452EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/20 9:18 a.m.•22 views

J-CruiseReservation 6.0.2 sqli

new version number 6.0.4 UpdateNotice URL https://www.cmsjunkie.com/blog/cruise-reservations-update/...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/09/25 11:1 a.m.•22 views

All Regular Labs extensions with editor buttons

All Regular Labs extensions with editor buttons, versions before 7 September 2018, cross site scripting XSS:- - Articles Anywhere - Conditional Content - Dummy Content - Modals - Modules Anywhere - Sliders - Snippets - Tabs - Tooltips The editor button popup urls could potentially be used...

6.5AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/01/31 12:0 a.m.•22 views

JCE Editor,2.6.25, XSS (Cross Site Scripting)

JCE Editor Pro, Version 2.6.25 only, XSS Cross Site Scripting Resolution: update to 2.6.26 Update notice: https://www.joomlacontenteditor.net/news/jce-pro-2-6-26-released...

6.2AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/10/24 12:0 a.m.•22 views

HDW Player,4.0.0, RCE

HDW Player,4.0.0 and all other versions, remote code execution Note that this vulnerabilitiy was supposedly fixed by the developer in version 3.2.2, the fact that this issue has arisen again suggests that the developer is aware of it and has created a deliberate back door. The VEL believe that th...

4.7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/10/11 12:0 a.m.•22 views

Ajax Quiz by Webkul,2.0,SQL Injection

Ajax Quiz by Webkul, 2.0 and previous, SQL Injection Resolution: update to version 2.1 Update notice: https://store.webkul.com/AjaxQuiz.html...

2.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/01 12:0 a.m.•22 views

HikaShop Business,3.1.0,SQL Injection

HikaShop Business,3.1.0,SQL Injection new version number 3.1.1 Update Notice URL https://www.hikashop.com/home/blog/373-security-release-for-hikashop-business.html...

7.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/04/26 12:0 a.m.•22 views

[20170705] - Core - XSS Vulnerability

Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components...

6.1CVSS7.1AI score0.00965EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/21 12:0 a.m.•22 views

[20170403] - Core - XSS Vulnerability

Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components...

6.1CVSS6.2AI score0.01333EPSS
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/02/02 12:0 a.m.•22 views

Virtuemart 3.0.10 and previous

XSS Resolution: update to 3.0.12 or 2.6.22 for VM2 users Update notice: http://virtuemart.net/news/latest-news/473-security-release-virtuemart-3-0-12 Note that developer did not inform the VEL...

7.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/12/28 12:0 a.m.•22 views

JMS Support Online module, 2.0.0, XSS (Cross Site Scripting)

JMS Support Online module,2.0.0,XSS Cross Site Scripting...

0.9AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/09/27 12:0 a.m.•22 views

Huge IT Slider,1.0.9,SQL Injection

Huge IT Slider,1.0.9,SQL Injection Resolution: update to 1.1.0 update notice: https://huge-it.com/joomla-extensions-security-notice/...

0.6AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/02/05 12:0 a.m.•22 views

[20170701] - Core - Information Disclosure

Improper cache invalidation leads to disclosure of form contents...

7.5CVSS7.2AI score0.02303EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/09/08 12:0 a.m.•22 views

Master User, versions before 2.1.4

Versions before 2.1.4 suffered from an issue with insecure default settings, the issue affects Joomla 3.4 sites only, but users are advised by the developer to update anyway. Resolution: Update to version 2.1.4 Update notice URL:...

2.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/20 3:22 p.m.•22 views

Art Pretty Photo [artprettyphoto],1.9.21 and below,XSS (Cross Site Scripting)

Art Pretty Photo artprettyphoto, 1.9.21 and below, XSS Cross Site Scripting...

1.4AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/05/19 2:33 p.m.•22 views

OS Property - Joomla Real Estate sqli pre 2.8.1

OS Property - Joomla Real Estate sqli 12th May 2014 - New version 2.8.1 ============== Bug Fixed =============== 1. SQL Injection solved developer did not inform VEL...

2.9AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/04/13 1:49 p.m.•22 views

Face Gallery by Apptha [com_facegallery] version 1.0

Face Gallery by Apptha comfacegallery, version 1.0 exploit: Other...

3.6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/03/27 3:49 p.m.•22 views

youtube plugin - youtubejoomla ,1.1

youtube plugin - Stian Totland,1.1 ,Other , youtubejoomla...

2.5AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/01/19 12:0 a.m.•22 views

JCE - Joomla Content Editor 2.4.5 and previous

Versions 2.4.5 and previous Update to Version 2.4.6 improves security in add-on installation system UpdateNoticeURL https://www.joomlacontenteditor.net/news/item/jce-246-released...

2.5AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/09/30 5:29 p.m.•22 views

Akeeba CMS Update

Extension Update Details Akeeba CMS Update 1.0.2 Update Notice URL https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html...

0.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/08/07 9:6 p.m.•22 views

Joomla Multicalendar, 5.3.2 and previous versions,

Joomla Multicalendar, 5.3.2 and previous versions, XSS Cross Site Scripting UpdateNoticeURL http://www.joomlacalendars.com/faq/multi-view-calendar-for-joomlaq39...

6.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/02/06 12:0 a.m.•22 views

[20140301] - Core - SQL Injection

Inadequate escaping leads to SQL injection vulnerability...

8.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/11/02 3:56 p.m.•22 views

spider contact lite, sqli

spider contact lite , , as per http://vel.joomla.org/vel-blog/976-spider-contacts-1-3-3.html Extension Update Details We have fixed the vulnerability on Spider Contacts Lite. We have changed the version to 1.3.4 on JED and also added corresponding text to the description. UpdateNoticeURL...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2012/10/01 12:0 a.m.•22 views

[20121001] - Core - XSS Vulnerability

Typographical error leads to XSS vulnerability in language search component...

6.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities725