725 matches found
acymailing, pre 8.7.0 , Other
acymailing, pre 8.7.0 , Other multiple...
JUX Timetable x
JUX TimetableVersion: Old 1.0.4 / New 1.0.5 Update URL: https://extensions.joomla.org/extension/jux-timetable/ Download URL: https://demo.joomlaux.com/download/pkgjuxtimetable.zip...
[20220304] - Core - Missing input validation within com_fields class inputs
Lack of input validation could allow an XSS attack using comfields...
paGO Commerce, 2.5.9.0, SQL Injection
paGO Commerce, 2.5.9.0, SQL Injection...
acymailing, 6.9.2,Other
acymailing, 6.9.2,Other Update to version 6.9.2 Developer did not inform the VEL team...
PayPlans,4.0, ID
PayPlans,4.0, ID https://stackideas.com/blog/payplans-4013 Update to 4.0.13...
oziogallery,5.0.1,XSS (Cross Site Scripting)
oziogallery,5.0.1,XSS Cross Site Scripting Update Notice URL https://www.facebook.com/groups/oziogallery/permalink/1588619457938122/ Change log Url https://www.opensourcesolutions.es/en/ext/ozio-gallery.htmlChangelog...
[20181003] - Core - Access level Violation in com_tags
Inadequate checks on the tags search fields can lead to an access level violation...
Simple Image Gallery (free) 3.5.0 and previous, XSS
Simple Image Gallery Freed by Joomlaworks, version 3.5.0 and previous, XSS Resolution: update to 3.6.0 Update notice: https://www.joomlaworks.net/blog/item/269-simple-image-gallery-free-v3-6-0-released-featuring-enhanced-print-previews-fixing-xss-vulnerability-related-to-print-page-output Note th...
B2j Contact,2.0 and other,Other
B2j Contact,2.0 and other,Other Resolved by upgrading to 2.1.15...
Street Guesser,1.1.8,SQL Injection
Street Guesser by Normograph, version 1.1.8, SQL Injection resolution: update to 1.1.13 update notice: https://www.nordmograph.com/extensions/index.php?option=comvirtuemart=productdetailsproductid=160categoryid=1=58...
Myportfolio,3.0.2,SQL Injection
Myportfolio,3.0.2,SQL Injection Developer statement new version number 3.0.3 Update Notice URL https://www.samybaxy.net/...
Membership Pro and other OS Solution extensions
Os Solution products have fixed an issue in the Paypal payment gateway in five of their extensions and made new releases to fix it:- 1. Events Booking version 2.14.2 https://www.joomdonation.com/forum/events-booking-general-discussion/57320-events-booking-version-2-14-2-released.html 2...
Joomloc-CAT, version 4.1.3, SQL injection
Joomloc-CAT, version 4.1.3, SQL injection Resolution: update to 4.2.1 Update Notice URL http://www.joomloc.fr.nf/en/downloads-products/file/joomloc-pro-channel-manager-pms.html...
JE Property Finder, 1.6.3
JE Property Finder,1.6.3,SQL Injection...
Virtuemart 3.0.10 and previous
XSS Resolution: update to 3.0.12 or 2.6.22 for VM2 users Update notice: http://virtuemart.net/news/latest-news/473-security-release-virtuemart-3-0-12 Note that developer did not inform the VEL...
Huge IT Slider,1.0.9,SQL Injection
Huge IT Slider,1.0.9,SQL Injection Resolution: update to 1.1.0 update notice: https://huge-it.com/joomla-extensions-security-notice/...
nitroslider,1.0.0
nitroslider,1.0.0 open folder permissions update to 1.0.1 update notice: https://www.themechoice.com/joomla-extensions/nitro-layer-slider...
[20170408] - Core - Information Disclosure
Multiple files caused full path disclosures on systems with enabled error reporting...
EasySocial versions before 1.4.7
EasySocial versions before 1.4.7: Code injection Resolution: update to 1.4.7 Update notice: http://stackideas.com/blog/critical-update-for-easysocial-update-to-1-4-7-now...
JCE - A Content Editor for Joomla, 2.5.0, 2.5.1, 2.5.2
JCE - A Content Editor for Joomla, vulnerable versions: 2.5.0, 2.5.1, 2.5.2, Vulnerability type: other Resolution: update to version 2.5.3 Update Notice URL https://www.joomlacontenteditor.net/news/item/jce-253-released Developer says that versions prior to 2.5.0 do not appear to be affected, but...
Art Pretty Photo [artprettyphoto],1.9.21 and below,XSS (Cross Site Scripting)
Art Pretty Photo artprettyphoto, 1.9.21 and below, XSS Cross Site Scripting...
BeestoHelpDesk, 3.1.1 and probably all previous,Information Disclosure
BeestoHelpDesk, 3.1.1 and probably all previous,Information Disclosure Resolution: update to version 3.1.2 or 2.5.2 for users of Joomla 2.5.x update notice: http://beesto.com/forum/read.php?25,1963,1963msg-1963...
"J-ClassifiedsManager" by CMSjunkie
"J-ClassifiedsManager" by CMSjunkie, versions before 2.1.0, SQL injection Resolution Update to 2.1.0 UpdateNoticeURL http://www.cmsjunkie.com/blog/joomla-classifieds-manager-2-1-0-release/...
"Simple Email Form" by unlikelysource.com, 1.8.5 and below
"Simple Email Form" by unlikelysource.com, 1.8.5 and older; XSS Resolution: update to version 1.8.6 Update notice URL: http://joomla.unlikelysource.org/index.php...
youtube plugin - youtubejoomla ,1.1
youtube plugin - Stian Totland,1.1 ,Other , youtubejoomla...
JCE - Joomla Content Editor 2.4.5 and previous
Versions 2.4.5 and previous Update to Version 2.4.6 improves security in add-on installation system UpdateNoticeURL https://www.joomlacontenteditor.net/news/item/jce-246-released...
edocuman, 1.6.0, Other
edocuman, 1.6.0, Other Developer update notice http://joomdonation.com/forum/edocman/45095-low-security-edocman-1-6-1-released.html53433...
plg_highlight_content, 1.5 and previous
plghighlightcontent, 1.5 and previious versions, XSS Cross Site Scripting update notice: http://www.jonijnm.es/web/descargas/category/9-highlight-code.html...
ODude Ecard - DT
ODude Ecard - DT - 777 developer statement - ODude Ecard Version 2.1 http://www.odude.com/main/odude-ecard/ecard-log.html...
Mijo Analytics, Joomla 2.5.x,
Mijo Analytics, Joomla 2.5.x, SQL Injection...
[20120602] - Core - Information Disclosure
Inadequate filtering leads SQL error and information disclosure...
[20110903] - Core - Information Disclosure
Inadequate error checking causes information disclosure...
[20250301] - Core - Malicious file uploads via Media Manager
Joomla! CMS versions 4.0.0-4.4.11, 5.0.0-5.2.4...
[20240705] - Core - XSS in com_fields default field value
The Custom Fields component not correctly filter inputs, leading to a XSS vector...
CMS2CMS, Connector Extension, 2.00 permissions
CMS2CMS Connector Extension 2.00 Update of the permission type created for the catalog file 2.01...
Ordasoft CCK, 6.1.12 Various
Ordasoft CCK, 6.1.12 Various,,Other new version number...
[20190303] - Core - XSS in media form field
The media form field lacks escaping, leading to a XSS vulnerability...
kunena,5.1.7,XSS (Cross Site Scripting)
kunena,5.1.7,XSS Cross Site Scripting https://www.kunena.org/blog/201-kunena-5-1-8-released...
kunena,5.1.6.1,XSS (Cross Site Scripting)
kunena,5.1.6.1,XSS Cross Site Scripting Developer statement: Update to 5.1.7 https://www.kunena.org/blog/200-kunena-5-1-7-released...
Calendar Planner 1.0.1 - SQL Injection
Calendar Planner 1.0.1 - SQL Injection resolution: update to 1.0.2 update notice: http://www.joomlathat.com/news/news/calendar-planner/calendar-planner-1-0-2-security-release...
PayPal IPN for DOCman by shopfiles.com,3.1,SQL Injection
PayPal IPN for DOCman by shopfiles.com, 3.1, SQL Injection...
JO Facebook gallery,4.5,SQL Injection
JO Facebook gallery by Joomcore.com, 4.5,SQL Injection resolution: update to 4.6 Update Notice URL http://joomcore.com/news-updates/item/109-update-jo-facebook-gallery-to-version-4-6-fixed-problem-sql-injection-in-version-4-5...
Huge IT Video Gallery,1.1.1,XSS (Cross Site Scripting)
Huge IT Video Gallery,1.1.1,XSS Cross Site Scripting Also versions 1.0.9 and previous have SQL injection vulnerability Resolution: update to version 1.1.3 Update notice: https://huge-it.com/joomla-extensions-security-notice/...
Komento 2.0.6, xss
We just released Komento 2.0.7 to address a security issue where a remote attacker may be able to launch an xss attack in prior versions of Komento. update notice: https://stackideas.com/blog/important-komento-2-0-7-security-fix...
[20160802] - Core - XSS Vulnerability
Inadequate escaping leads to XSS vulnerability in mail component...
Event Manager, 2.1.4 and below, multiple vulnerabilities
Event Manager, 2.1.4 and below, SQLi and Unrestricted File Upload Fixed in version 2.1.4.2 Notice: http://www.joomlaeventmanager.net/project/changelog-jem-2...
Football [com_football],SQL Injection
Component comfootball, unknown version possibly joomleague fork SQL Injection...
Kunena,3.0.7 and previous
Kunena,3.0.7 and previous,Other Resolution: update to 3.0.8 Update notice url: http://www.kunena.org/blog/143-kunena-3-0-8-released Note that the developer did not inform the VEL...
Jdownloads Pre 3.2.23
Jdownloads Extension Update Details Version 3.2.23 eliminates two vulnerabilities to prevent SQL injections. Only low risk. UpdateNoticeURL http://www.jdownloads.com/index.php?option=comcontent=article=234:jdownloads-3223-beta-published=51:news...