Lucene search
K
JoomlaRecent

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/10/07 12:0 a.m.•24 views

[20221002] - Core - RXSS through reflection of user input in headings

Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components...

6.1CVSS6.4AI score0.00359EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/10/01 12:0 a.m.•17 views

JKassa, 2.0.0, SQL Injection

JKassa, 2.0.0, SQL Injection Update to latest version https://jkassa.com/en/extensions/jkassa.html...

1.6AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/09/30 12:0 a.m.•24 views

jCart for OpenCart, jCart for OpenCart 3.0.3.19, XSS (Cross Site Scripting)

Here is the link on our site: https://extensions.soft-php.com/support/latest-news/79-joocart-jcart-30325-release-notice.html...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/09/29 12:0 a.m.•14 views

EDocman, 1.23.3, XSS (Cross Site Scripting)

developer update https://joomdonation.com/forum/edocman/75400-01st-august-2023-new-version-1-24-7-xss-issue-fixed.html...

7.2AI score
Exploits0References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/08/27 12:0 a.m.•32 views

[20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check'

Multiple Full Path Disclosures because of missing 'JEXEC or die check' caused by the PSR12 changes done in 4.2.0. According to PROD2020/023 and in coordination with the JSST this has been patched in the public tracker vis 38615...

5.3CVSS5.9AI score0.00502EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/07/07 12:0 a.m.•23 views

JUX Timetable x

JUX TimetableVersion: Old 1.0.4 / New 1.0.5 Update URL: https://extensions.joomla.org/extension/jux-timetable/ Download URL: https://demo.joomlaux.com/download/pkgjuxtimetable.zip...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/02/20 12:0 a.m.•38 views

[20220301] - Core - Zip Slip within the Tar extractor

Extracting an specifilcy crafted tar package could write files outside of the intended path...

7.5CVSS2.4AI score0.02007EPSS
Exploits3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/02/18 12:0 a.m.•31 views

adblock detector nordmograph

Malicious script New in 2.1 : Miner feature discontinued This is a security release for the 3.x series of Joomla! This release fixes one low level security issues...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/01/19 12:0 a.m.•35 views

[20220308] - Core - Inadequate content filtering within the filter code

Inadequate content filtering leads to XSS vulnerabilities in various components...

6.1CVSS1.8AI score0.0065EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/11/05 12:0 a.m.•35 views

[20220307] - Core - Variable Tampering on JInput $_REQUEST data

Under specific circumstances, JInput pollutes method-specific input bags with $REQUEST data...

9.8CVSS2.3AI score0.01172EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/09/28 12:0 a.m.•29 views

Balbooa Forms, 2.0.6 (not tested on others), SQL Injection

Balbooa Forms, 2.0.6 , SQL Injection...

3.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/08/25 12:0 a.m.•34 views

[20220309] - Core - XSS attack vector through SVG

Possible XSS attack vector through SVG embedding in commedia...

6.1CVSS1.9AI score0.00565EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/08/20 12:0 a.m.•51 views

[20210801] - Core - Insufficient access control for com_media deletion endpoint

The media manager does not correctly check the user's permissions before executing a file deletion command...

9.1CVSS8.7AI score0.00918EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/06/22 12:0 a.m.•70 views

[20210705] - Core - XSS in com_media imagelist

Inadequate escaping in the imagelist view of commedia leads to a XSS vulnerability...

6.1CVSS1.4AI score0.00877EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/06/08 12:0 a.m.•43 views

[20210702] - Core - DoS through usergroup table manipulation

Missing validation of input could lead to a broken usergroups table...

7.5CVSS1.7AI score0.01439EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/06/06 12:0 a.m.•54 views

[20210704] - Core - Privilege escalation through com_installer

Install action in cominstaller lack the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system is not affected cause by default cominstaller is limited to super users already...

7.5CVSS3.9AI score0.01209EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/05/29 12:0 a.m.•58 views

[20210701] - Core - XSS in JForm Rules field

Inadequate escaping in the Rules field of the JForm API leads to a XSS vulnerability...

6.1CVSS1.4AI score0.00877EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/05/07 12:0 a.m.•50 views

[20210503] - Core - CSRF in data download endpoints

A missing token check causes a CSRF vulnerability in data download endpoints in combanners and comsysinfo...

6.5CVSS3.2AI score0.00604EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/05/07 12:0 a.m.•49 views

[20210502] - Core - CSRF in AJAX reordering endpoint

A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...

6.5CVSS3.3AI score0.00604EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/05/06 12:0 a.m.•23 views

[20220304] - Core - Missing input validation within com_fields class inputs

Lack of input validation could allow an XSS attack using comfields...

6.1CVSS3.5AI score0.00565EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/03/30 12:0 a.m.•40 views

YooRecipe, All,

SQL injection vulnerability possibly all versions abandoned extension...

3.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/03/23 12:0 a.m.•34 views

[20220306] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...

6.1CVSS1.4AI score0.00566EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/03/09 12:0 a.m.•33 views

[20210401] - Core - Escape xss in logo parameter error pages

Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages...

6.1CVSS2.6AI score0.82272EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/03/05 12:0 a.m.•51 views

[20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload

HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors...

6.1CVSS2.9AI score0.0098EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/03/04 12:0 a.m.•41 views

[20220305] - Core - Inadequate filtering on the selected Ids

Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection...

9.8CVSS1.5AI score0.01059EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/02/17 12:0 a.m.•36 views

[20220302] - Core - Path Disclosure within filesystem error messages

Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application...

5.3CVSS1AI score0.00871EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/01/31 12:0 a.m.•34 views

[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field

Inadequate filtering of form contents could allow to overwrite the author field. The affected core components are comfields, comcategories, combanners, comcontact, comnewsfeeds and comtags...

5.3CVSS7.1AI score0.0114EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/01/13 12:0 a.m.•29 views

[20210302] - Core - Potential Insecure FOFEncryptRandval

The core shipped but unused randval implementation within FOF FOFEncryptRandval used an potential insecure implemetation. That has now been replaced with a call to "randombytes" and its backport that is shipped within randomcompat...

9.1CVSS8.9AI score0.01567EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/01/12 12:0 a.m.•29 views

[20210301] - Core - Insecure randomness within 2FA secret generation

Usage of the insecure rand function within the process of generating the 2FA secret.Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes...

7.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/01/03 12:0 a.m.•30 views

[20210402] - Core - Inadequate filters on module layout settings

Inadequate filters on module layout settings could lead to an LFI...

5.3CVSS2.9AI score0.01188EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/12/30 9:47 p.m.•44 views

RealPin by Frumania, SQL, 1.5.04

Name: Realpin Old 1.5.04 / New 1.6.0 Update details: Fixed risk of SQL Injection Update URL: https://realpin.frumania.com/...

0.4AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/11/09 12:0 a.m.•20 views

JomSocial , 4.7.6, XSS (Cross Site Scripting)

JomSocial , 4.7.6, XSS Cross Site Scripting investigation...

1.7AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/11/04 12:0 a.m.•21 views

publisher, 3.0.19, XSS (Cross Site Scripting)

ijoomlapublisher, 3.0.19, XSS Cross Site Scripting...

1.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/10/25 12:0 a.m.•30 views

[20210307] - Core - ACL violation within com_content frontend editing

Incorrect ACL checks could allow unauthorized change of the category for an article...

5.3CVSS7.1AI score0.0108EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/10/20 12:0 a.m.•23 views

paGO Commerce, 2.5.9.0, SQL Injection

paGO Commerce, 2.5.9.0, SQL Injection...

2.4AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/10/13 12:0 a.m.•103 views

[20201104] - Core - SQL injection in com_users list view

Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list...

9.8CVSS3.1AI score0.284EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/10/08 12:0 a.m.•35 views

[20201106] - Core - CSRF in com_privacy emailexport feature

A missing token check in the emailexport feature of comprivacy causes a CSRF vulnerability...

6.8CVSS2.4AI score0.00395EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/10/06 12:0 a.m.•46 views

[20201103] - Core - Path traversal in mod_random_image

The folder parameter of modrandomimage lacked input validation, leading to a path traversal vulnerability...

7.5CVSS3.6AI score0.01578EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/09/23 12:0 a.m.•27 views

[20220303] - Core - User row are not bound to a authentication mechanism

A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover...

9.8CVSS3.8AI score0.01098EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/09/23 12:0 a.m.•38 views

[20201102] - Core - Disclosure of secrets in Global Configuration page

The globlal configuration page does not remove secrets from the HTML output, disclosing the current values...

7.5CVSS0.5AI score0.01305EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/09/08 12:0 a.m.•35 views

[20210308] - Core - Path Traversal within joomla/archive zip class

Extracting an specifilcy crafted zip package could write files outside of the intended path...

5.5CVSS3.6AI score0.01161EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/09/01 12:0 a.m.•39 views

[20210103] - Core - XSS in com_tags image parameters

Lack of escaping of image-related parameters in multiple comtags views cause lead to XSS attack vectors...

6.1CVSS3.2AI score0.00763EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/09/01 12:0 a.m.•46 views

[20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

Lack of escaping in modbreadcrumbs aria-label attribute allows XSS attacks...

6.1CVSS3.3AI score0.81167EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/08/21 12:0 a.m.•56 views

[20200801] - Core - XSS in mod_latestactions

Lack of escaping in modlatestactions allows XSS attacks...

6.1CVSS2.7AI score0.01162EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/08/15 12:0 a.m.•41 views

[20201105] - Core - User Enumeration in backend login

Improper handling of the username leads to a user enumeration attack vector in the backend login page...

5.3CVSS2.1AI score0.0105EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/07/23 8:42 a.m.•32 views

JCE Pro, 2.8.15, xss

This 2.8.15 an important security update is included to prevent potential cross-site scripting attacks. https://www.joomlacontenteditor.net/news/jce-pro-2-8-15-released...

6.6AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/07/16 12:0 a.m.•22 views

CMS2CMS, Connector Extension, 2.00 permissions

CMS2CMS Connector Extension 2.00 Update of the permission type created for the catalog file 2.01...

2.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/07/14 12:0 a.m.•18 views

js jobs, 1.3, SQL Injection

js jobs,1.3,SQL Injection...

1.5AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/07/07 12:0 a.m.•37 views

[20210101] - Core - com_modules exposes module names

Lack of ACL checks in the orderPosition endpoint of commodules leak names of unpublished and/or inaccessible modules...

5.3CVSS2.4AI score0.01134EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/07/05 12:0 a.m.•46 views

[20200802] - Core - Open redirect in com_content vote feature

Lack of input validation in comcontent leads to an open redirect...

6.1CVSS1.9AI score0.01158EPSS
Exploits0Affected Software1
Total number of security vulnerabilities747