Lucene search
K
JoomlaRecent

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/07/23 12:0 a.m.9 views

rsdirectory

Extension: RSDirectory! Version: Old 2.2.7 / New 2.2.8 Update details: Versions affected 1.0.0 through 2.2.7 Stored XSS allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component. Fixed in 2.2.8 Update URL:...

5.6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/04/09 12:0 a.m.22 views

Convert Forms, 4.4.10, XSS (Cross Site Scripting)

New 5.0 Update details: All XSS and SQL reported issues have been fixed in the latest release 5.0 Update URL: https://www.tassos.gr/releases/convert-forms/convert-forms-5-0-0 Changelog URL: https://www.tassos.gr/releases/convert-forms/convert-forms-5-0-0...

7AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/03/20 12:0 a.m.35 views

[20250402] - Core - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

7.5CVSS6AI score0.00393EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/03/17 12:0 a.m.32 views

[20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package...

9.8CVSS7.2AI score0.00469EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/02/25 12:0 a.m.20 views

[20250301] - Core - Malicious file uploads via Media Manager

Inadequate checks in the Media Manager allowed users with "edit" privileges to create executable PHP files...

7.1CVSS5.9AI score0.00453EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/01/29 12:0 a.m.23 views

JS Jobs, 1.4.2, SQL Injection

JS Jobs Joomla - https://extensions.joomla.org/extension/js-jobs/ SQL injection SQLi Which versions are affected? 1.1.5 - 1.4.2...

4.7CVSS7.2AI score0.0908EPSS
Exploits1References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/12/10 12:0 a.m.23 views

[20250201] - Core - SQL injection vulnerability in Scheduled Tasks component

Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of comscheduler...

6.7CVSS7.1AI score0.00415EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/10/18 12:0 a.m.11 views

HikaShop, 5.1.3, Other ACL

Update to Hikashop 5.1.4 . No other details on this exploit will be release...

6.5CVSS6.9AI score0.0015EPSS
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/09/19 12:0 a.m.19 views

[20250102] - Core - XSS vector in the id attribute of menu lists

Lack of output escaping in the id attribute of menu lists...

7.5CVSS5.9AI score0.00411EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/08/29 12:0 a.m.13 views

[20250101] - Core - XSS vectors in module chromes

Various module chromes didn't properly process inputs, leading to XSS vectors...

6.1CVSS5.9AI score0.00246EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/08/26 12:0 a.m.16 views

[20250103] - Core - Read ACL violation in multiple core views

Improper Access Controls allows access to protected views...

7.5CVSS5.9AI score0.00375EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/07/22 12:0 a.m.23 views

[20240804] - Core - Improper ACL for backend profile view

Improper Access Controls allows backend users to overwrite their username when disallowed...

7.5CVSS6AI score0.00354EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/07/22 12:0 a.m.29 views

[20240805] - Core - XSS vectors in Outputfilter::strip* methods

The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors...

6.1CVSS5.9AI score0.00252EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/07/22 12:0 a.m.25 views

[20240803] - Core - XSS in HTML Mail Templates

The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions...

6.1CVSS5.9AI score0.00252EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/30 12:0 a.m.19 views

Advanced custom fields, 2.7.7, SQL Injection

Version: Old 2.8.2 / New 2.8.3 Update details: Improved sanitization/escaping of custom field values in v2.8.3 Update URL: https://www.tassos.gr/releases/advanced-custom-fields/advanced-custom-fields-2-8-3?format=htmlChangelog...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/30 12:0 a.m.25 views

Phoca Gallery, 5.0.0, XSS (Cross Site Scripting)

Update to 4.4.3, 4.5.0,5.0.1...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/09 12:0 a.m.20 views

[20240705] - Core - XSS in com_fields default field value

The Custom Fields component not correctly filter inputs, leading to a XSS vector...

6.1CVSS5.8AI score0.00447EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/08 12:0 a.m.21 views

[20240704] - Core - XSS in Wrapper extensions

The wrapper extensions do not correctly validate inputs, leading to XSS vectors...

6.1CVSS5.8AI score0.00463EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/08 12:0 a.m.29 views

[20240703] - Core - XSS in StringHelper::truncate method

Improper handling of input could lead to an XSS vector in the StringHelper::truncate method...

6.1CVSS5.8AI score0.00442EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/03 12:0 a.m.24 views

[20240702] - Core - Self-XSS in fancyselect list field layout

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...

5.4CVSS5.8AI score0.00424EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/05/23 12:0 a.m.28 views

[20240802] - Core - Cache Poisoning in Pagination

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors...

9.1CVSS5.9AI score0.00441EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/03/20 12:0 a.m.20 views

[20240801] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...

6.1CVSS5.8AI score0.00239EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/02/20 12:0 a.m.18 views

[20240701] - Core - XSS in accessible media selection field

Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field...

6.1CVSS5.8AI score0.00442EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/02/15 12:0 a.m.16 views

osTicky2, , Other

This extension is abandoned and should be removed from your site...

7.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/01/30 12:0 a.m.39 views

[20240204] - Core - XSS in mail address outputs

Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components...

6.1CVSS5.8AI score0.3221EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/01/09 12:0 a.m.28 views

[20240203] - Core - XSS in media selection fields

Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions...

6.1CVSS5.8AI score0.00513EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/11/29 12:0 a.m.33 views

[20240201] - Core - Insufficient session expiration in MFA management views

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...

6.3CVSS6.6AI score0.00512EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/11/22 12:0 a.m.38 views

[20240205] - Core - Inadequate content filtering within the filter code

Inadequate content filtering leads to XSS vulnerabilities in various components...

6.5CVSS6AI score0.48839EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/11/08 12:0 a.m.23 views

[20240202] - Core - Open redirect in installation application

Inadequate parsing of URLs could result into an open redirect...

4.3CVSS6.1AI score0.00537EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/09/18 12:0 a.m.15 views

LazyDbBackup, 3.9.0, Other

LazyDbBackup Version: 4.0.8...

6.9AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/08/18 12:0 a.m.22 views

acymailing, pre 8.7.0 , Other

acymailing, pre 8.7.0 , Other multiple...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/30 12:0 a.m.20 views

Solidres, 2.13.3, hub plugin XSS (Cross Site Scripting)

https://www.solidres.com/forum/report-bugs/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/25 12:0 a.m.18 views

bagallery , , Other

Developer statement Old 1.1 / New 1.2 Update details: We have thoroughly tested all the code in our component to ensure it is free of any security issues. Update URL: https://bestaddon.com/product/ba-gallery/Changelog...

7.3AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/14 12:0 a.m.67 views

[20231101] - Core - Exposure of environment variables

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...

7.5CVSS7AI score0.00811EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/12 12:0 a.m.17 views

JC Dashboards, 1.3.10, Other

JCDashboards updated latest version V1.3.31 as this includes a fix for a possible security leak should your linux server not be configured correctly in certain circumstances. changelog | Download url ---|--- https://joomcode.com/jcmedia/comjcdashboards/versionhistory.html |...

6.7AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/12 12:0 a.m.19 views

quickform, , Other

Developer states exploit is "hack yourself" scenario...

6.9AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/07 12:0 a.m.17 views

Virtual Classroom, , SQL Injection

Developer release blog https://blog.braincert.com/virtual-classroom-security-release-elevate-your-online-learning-on-wordpress-and-joomla/...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/07/07 12:0 a.m.9 views

LM-CUSTOM-ADMIN, , Other

Version: Old 2.7.3 / New 2.7.4 Update details: block cde php shellexec Update URL: https://lomart.fr/extensions-blog/38-modules-administrator/125-lm-custom-administrator Changelog URL:...

7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/06/01 12:0 a.m.27 views

HikaShop Joomla Plugin, , SQL Injection

anyone with access to the order management in the backend of HikaShop to be able to use a MySQL injection to extract data from the database. "payment methods" restriction setting to custom fields of the "order" table in HikaShop 4.4.1, so prior versions of HikaShop are not impacted...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/04/29 12:0 a.m.43 views

[20230502] - Core - Bruteforce prevention within the mfa screen

The lack of rate limiting allows brute force attacks against MFA methods...

7.5CVSS7.1AI score0.0056EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/04/11 12:0 a.m.69 views

Visforms Base Package for Joomla!, 4, SQL Injection

Project: Visforms für Joomla 3 Extension: comvisforms Impact: Critical Severity: High Probability: Unkonwn Versions: 3.8.0 - 3.14.10 Exploit type: SQL Injection Reported Date: 2023-04-16 Fixed Date: 2023-04-19 CVE Number: CVE-2023-23753 Description An improper use of input filter allows...

9.8CVSS9.9AI score0.00798EPSS
Exploits1References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/03/23 12:0 a.m.32 views

JoomGallery, 3.6.1, SQL Injection

Vulnerability Type: 3rd party extension - SQL Injection Version: Old 3.6.1 / New 3.6.2 Update details: Fix vulnerability type SQL Injection. Update URL: https://www.en.joomgalleryfriends.net/news-3-6-2.html Changelog URL:...

7.8AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/02/28 12:0 a.m.27 views

[20230501] - Core - Open Redirects and XSS within the mfa selection

Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen...

6.1CVSS6.8AI score0.00406EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/02/13 12:0 a.m.64 views

[20230201] - Core - Improper access check in webservice endpoints

An improper access check allows unauthorized access to webservice endpoints...

5.3CVSS6.7AI score0.99827EPSS
Exploits43Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/02/07 12:0 a.m.27 views

J-BusinessDirectory, 5.7.7 and prior, Other

In the J-BusinessDirectory version 5.8.3 we have updated guzzlehttp to the latest version, 7.5.0 and to PSR 2.1.5...

1.6AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/01/01 12:0 a.m.36 views

[20230102] - Core - Missing ACL checks for com_actionlogs

A missing ACL check allows non super-admin users to access comactionlogs...

4.3CVSS5.9AI score0.00444EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2022/12/27 12:0 a.m.22 views

LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login , 5.0.2, Other

Other : 5.0.2 Exploit Check developer for new releases...

2.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2022/12/24 12:0 a.m.38 views

[20230101] - Core - CSRF within post-installation messages

A missing token check causes a CSRF vulnerability in the handling of post-installation messages...

6.3CVSS6.6AI score0.0023EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2022/10/28 12:0 a.m.29 views

[20221101] - Core - RXSS through reflection of user input in com_media

Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...

6.1CVSS6.4AI score0.00455EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2022/10/13 12:0 a.m.30 views

[20221001] - Core - Disclosure of critical information in debug mode

Joomla 4 sites with publicly enabled debug mode exposed data of previous requests...

5.3CVSS6AI score0.00502EPSS
Exploits0Affected Software1
Total number of security vulnerabilities747