Lucene search
K
JoomlaRecent

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/06/21 12:0 a.m.•42 views

[20201101] - Core - com_finder ignores access levels on autosuggest

The autosuggestion feature of comfinder did not respect the access level of the corresponding terms...

7.5CVSS2.7AI score0.01316EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/06/17 12:0 a.m.•31 views

[20200706] - Core - System Information screen could expose redis or proxy credentials

Inadequate filtering in the system information screen could expose redis or proxy credentials...

5.3CVSS5.6AI score0.01636EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/06/08 12:0 a.m.•30 views

[20200705] - Core - Escape mod_random_image link

Lack of input filtering and escaping allows XSS attacks in modrandomimage...

6.1CVSS5.8AI score0.03185EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/06/02 12:0 a.m.•39 views

[20200704] - Core - Variable tampering via user table class

Internal read-only fields in the User table class could be modified by users...

4.3CVSS5.5AI score0.00998EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/26 12:0 a.m.•20 views

xcloner,3.53,Other

xcloner,3.53,Other Developer statement Today we have made available a new release — version 3.5.4 — for the unmaintained Joomla version of XCloner. Prior versions of XCloner for Joomla contained an Authenticated Local File Disclosure vulnerability that has been patched in the latest version. Any...

3.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/20 12:0 a.m.•21 views

Ordasoft CCK, 6.1.12 Various

Ordasoft CCK, 6.1.12 Various,,Other new version number...

3.4AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/08 12:0 a.m.•65 views

[20200605] - Core - CSRF in com_postinstall

Missing token checks in compostinstall cause CSRF vulnerabilities...

8.8CVSS2.6AI score0.00677EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•35 views

[20210305] - Core - Input validation within the template manager

Missing input validation within the template manager...

7.5CVSS8.3AI score0.01546EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•24 views

[20200701] - Core - CSRF in com_installer ajax_install endpoint

A missing token check in the ajaxinstall endpoint cominstaller causes a CSRF vulnerability...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•32 views

[20200703] - Core - CSRF in com_privacy remove-request feature

A missing token check in the remove request section of comprivacy causes a CSRF vulnerability...

6.8CVSS6.2AI score0.00594EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•26 views

[20210303] - Core - XSS within alert messages showed to users

Missing filtering of messages showed to users that could lead to xss issues...

6.1CVSS7.6AI score0.00942EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/06 12:0 a.m.•43 views

[20200603] - Core - XSS in com_modules tag options

Incorrect input validation of the module tag option in commodules allow XSS attacks...

6.1CVSS3.1AI score0.0096EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/06 12:0 a.m.•55 views

[20200601] - Core - XSS in modules heading tag option

Lack of input validation in the heading tag option of the "Articles – Newsflash" and "Articles - Categories" modules allow XSS attacks...

6.1CVSS2.6AI score0.0096EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/05 12:0 a.m.•38 views

[20210304] - Core - XSS within the feed parser library

Missing filtering of feed fields could lead to xss issues...

6.1CVSS7.6AI score0.00942EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/04/23 12:0 a.m.•52 views

[20200602] - Core - Inconsistent default textfilter settings

The default settings of the global "textfilter" configuration doesn't block HTML inputs for 'Guest' users. With 3.9.19, the textfilter for new installations has been set to 'No HTML' for the groups 'Public', 'Guest' and 'Registered'...

7.5CVSS8AI score0.01227EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/04/10 12:0 a.m.•206 views

[20200604] - Core - XSS in jQuery.htmlPrefilter

The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are "... security issues in jQuery’s DOM manipulation methods, as in .html, .append, and the others."...

2.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/04/04 12:0 a.m.•34 views

[20200702] - Core - Missing checks can lead to a broken usergroups table record

Missing validation checks at the usergroups table object can result into an broken site configuration...

5.3CVSS5.8AI score0.00663EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/04/03 10:48 a.m.•18 views

hwdplayer,4.2,SQL Injection

hwdplayer,4.2,SQL Injection Possible abandonware also...

2.4AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/04/03 12:0 a.m.•17 views

GMapFP 3.30,Other

GMapFP 3.30,3.30,Other Related in https://vel.joomla.org/resolved/1835-gmapfp-3-39f-xss-cross-site-scripting new version number 3.55...

7.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/04/03 12:0 a.m.•20 views

fabrik 3.9,Various

,fabrik 3.9. Various Issues NOTE: the earlier version number was a mistake by the reporter. new version number 3.9.1 Update Notice URL https://fabrikar.com/blog/87-fabrik-3-9-1-released...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/03/25 12:0 a.m.•23 views

acymailing, 6.9.2,Other

acymailing, 6.9.2,Other Update to version 6.9.2 Developer did not inform the VEL team...

3.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/03/13 12:0 a.m.•51 views

[20200403] - Core - Incorrect access control in com_users access level deletion function

Incorrect ACL checks in the access level section of comusers allow the unauthorized deletion of usergroups...

5.3CVSS3.5AI score0.0076EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/03/13 12:0 a.m.•78 views

[20200401] - Core - Incorrect access control in com_users access level editing function

Incorrect ACL checks in the access level section of comusers allow the unauthorized editing of usergroups...

5.3CVSS5.4AI score0.00795EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/03/09 12:0 a.m.•62 views

[20200306] - Core - SQL injection in Featured Articles menu parameters

The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype...

9.8CVSS4.1AI score0.02042EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/02/28 12:0 a.m.•62 views

[20200305] - Core - Incorrect Access Control in com_fields SQL field

Incorrect Access Control in the SQL fieldtype of comfields allows access for non-superadmin users...

8.8CVSS5.1AI score0.02655EPSS
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/02/27 12:0 a.m.•59 views

[20200402] - Core - Missing checks for the root usergroup in usergroup table

Inproper input validations in the usergroup table class could lead to a broken ACL configuration...

5.3CVSS2.1AI score0.02761EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/02/24 12:0 a.m.•59 views

[20200302] - Core - XSS in Protostar and Beez3

Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allow XSS attacks...

6.1CVSS3.6AI score0.0096EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/02/17 12:0 a.m.•35 views

[20210306] - Core - com_media allowed paths that are not intended for image uploads

commedia allowed paths that are not intended for image uploads...

7.5CVSS7.7AI score0.06529EPSS
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/02/07 12:0 a.m.•48 views

[20200304] - Core - Identifier collisions in com_users

Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses...

5.3CVSS3AI score0.01205EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/02/06 12:0 a.m.•57 views

[20200301] - Core - CSRF in com_templates image actions

Missing token checks in the image actions of comtemplates causes CSRF vulnerabilities...

8.8CVSS3.6AI score0.00677EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/02/02 12:0 a.m.•56 views

[20200803] - Core - Directory traversal in com_media

Lack of input validation allows commedia root paths outside of the webroot...

4.8AI score
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/01/31 12:0 a.m.•47 views

[20200303] - Core - Incorrect Access Control in com_templates

Various actions in comtemplates lack the required ACL checks, leading to various potential attack vectors...

7.5CVSS4.5AI score0.05578EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/12/25 12:0 a.m.•46 views

[20200103] - Core - XSS in com_actionlogs

Inadequate escaping of usernames allow XSS attacks in comactionlogs...

6.1CVSS6.9AI score0.0096EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/12/23 12:0 a.m.•23 views

[20200101] - Core - CSRF in batch actions

Missing token checks in the batch actions of various components causes CSRF vulnerabilities...

8.8CVSS8.4AI score0.00452EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/12/18 12:0 a.m.•30 views

[20200102] - Core - CSRF com_templates LESS compiler

A missing CSRF token check in the LESS compiler of comtemplates causes a CSRF vulnerability...

8.8CVSS8.3AI score0.00845EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/12/01 12:0 a.m.•54 views

[20191202] - Core - Various SQL injections through configuration parameters

The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors...

9.8CVSS9.7AI score0.01686EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/11/22 12:0 a.m.•43 views

[20191201] - Core - Path Disclosure in framework files

Missing access check in framework files could lead to a path disclosure...

5.3CVSS7.2AI score0.01101EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/11/01 12:0 a.m.•96 views

[20191002] - Core - Path Disclosure in phpuft8 mapping files

Missing access check in the phputf8 mapping files could lead to an path disclosure...

5.3CVSS6.7AI score0.01093EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/10/16 12:0 a.m.•18 views

J2Store, 3.3.9. and previous,XSS (Cross Site Scripting)

J2Store,3.9.x,XSS Cross Site Scripting Update to 3.3.11 https://www.j2store.org/blog/general/j2store-3-3-11-released-with-improvements-and-a-security-fix.html...

7.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/10/10 12:0 a.m.•64 views

[20191001] - Core - CSRF in com_template overrides view

A missing token check in comtemplate causes a CSRF vulnerability...

8.8CVSS8.4AI score0.00452EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/10/08 12:0 a.m.•18 views

js jobs,1.1.5, 1.1.6, 1.2.5 and 1.2.6,Other

js jobs,1.1.5, 1.1.6, 1.2.5 and 1.2.6,Other Extension Update Details Fix the file security bug. new version number 2.1.7...

2.1AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/09/11 12:0 a.m.•23 views

PayPlans,4.0, ID

PayPlans,4.0, ID https://stackideas.com/blog/payplans-4013 Update to 4.0.13...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/28 12:0 a.m.•79 views

[20190901] - Core - XSS in logo parameter of default templates

Inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

6.1CVSS5.8AI score0.00671EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/22 12:0 a.m.•29 views

jDownloads,3.2.64,SQL Injection

jDownloads,3.2.64,SQL Injection Developers update http://www.jdownloads.com/index.php/downloads/download/6-jdownloads/2-jdownloads-3-2.htmljd65...

7.5AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/14 7:28 p.m.•15 views

kunena, 5.0.x - 5.1.14 ,XSS (Cross Site Scripting)

kunena, 5.0.x - 5.1.14 ,XSS Cross Site Scripting Developer statement https://www.kunena.org/blog/207-kunena-5-1-14-released...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/12 12:0 a.m.•18 views

JS support ticket,1.1.6, SQL Injection

JS support ticket,1.1.6, SQL Injection resolution: update to 1.1.7 update notice: https://joomsky.com/products/js-ticket-joomla.html...

7.8AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/09 12:0 a.m.•30 views

Easy Discuss 4.1.9 SQL Injection

Easy Discuss 4.1.9 by Stack Ideas, SQL Injection Resolution: update to 4.1.10 update notice: https://stackideas.com/blog/important-security-update-for-easydiscuss4-1-10...

7.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/08 12:0 a.m.•31 views

JS support ticket,1.1.5,Directory Traversal

JS support ticket,1.1.5,Directory Traversal resolution: update to 1.1.6 update notice: https://joomsky.com/products/js-ticket-joomla.html...

7.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/06/20 12:0 a.m.•36 views

[20190701] - Core - Filter attribute in subform fields allows remote code execution

Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...

8.8CVSS8.3AI score0.02314EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/06/03 12:0 a.m.•35 views

ZOO by YOOtheme,3.3.33,SQL Injection

ZOO by YOOtheme,3.3.33,SQL Injection Fix SQL injection vulnerability in Admin Controllers new version number 3.3.34 Update Notice URL https://yootheme.com/support/zoo/changelog...

1.5AI score
Exploits0References2Affected Software1
Total number of security vulnerabilities747