Lucene search
K
JoomlaRecent

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/19 7:21 a.m.•19 views

eXtplorer 2.1.12 various

eXtplorer 2.1.12 various Update Notice URL https://extplorer.net/news/24...

0.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/14 12:0 a.m.•23 views

oziogallery,5.0.1,XSS (Cross Site Scripting)

oziogallery,5.0.1,XSS Cross Site Scripting Update Notice URL https://www.facebook.com/groups/oziogallery/permalink/1588619457938122/ Change log Url https://www.opensourcesolutions.es/en/ext/ozio-gallery.htmlChangelog...

Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/13 1:34 p.m.•16 views

Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure

Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure Update via developers website...

3.7AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/13 8:58 a.m.•17 views

RSEvents! Pro (March 2019),Other

RSEvents! Pro March 2019,Other new version number 2.2.1 UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...

1.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/13 8:58 a.m.•18 views

RSEvents! Pro Cart Plugin older than 1.1.15 ,Other

RSEvents! Pro Cart Plugin older than 1.1.15,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...

1.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/13 8:58 a.m.•18 views

RSMembership! older than 1.22.11 ,Other

RSMembership! older than 1.22.11,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...

0.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/05/02 12:0 a.m.•44 views

RSForm! Pro,2.2.0 (March 2019),Other

RSForm! Pro,2.2.0 March 2019,Other new version number 2.2.1 UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...

1.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/04/29 12:0 a.m.•93 views

[20190501] - Core - XSS in com_users ACL debug views

The debug views of comusers do not properly escape user supplied data, which leads to a potential XSS attack vector...

6.1CVSS2.8AI score0.00793EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/04/29 12:0 a.m.•93 views

[20190601] - Core - CSV injection in com_actionlogs

The CSV export of comactionslogs is vulnerable to CSV injection...

9.8CVSS1.8AI score0.1049EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/04/25 12:0 a.m.•25 views

Phoca Gallery,4.3.15 prior,Other

Phoca Gallery,4.3.15 prior,Other Update Notice URL https://www.phoca.cz/news/1029-phoca-gallery-4-3-17-released...

0.5AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/04/22 12:0 a.m.•19 views

kunena, ,XSS (Cross Site Scripting)

kunena,5.1.3,XSS Cross Site Scripting...

1.6AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/04/10 12:0 a.m.•113 views

[20190603] - Core - ACL hardening of com_joomlaupdate

The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...

6.5CVSS1.6AI score0.01101EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/04/09 12:0 a.m.•69 views

[20190801] - Core - Hardening com_contact contact form

Inadequate checks in comcontact could allowed mail submission in disabled forms...

5.3CVSS1.5AI score0.00975EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/27 12:0 a.m.•18 views

[20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor

In Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order to intercept file invocations like fileexists or stat on compromised Phar archives the base name has to be determined and...

1.6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/25 6:43 p.m.•20 views

AcyMailing 5.10.6 Various

AcyMailing 5.10.6 Various new version number 5.10.7 UpdateNotice URL https://www.acyba.com/support/change-log.html Changelog Url https://www.acyba.com/support/change-log.html...

1.6AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/25 12:0 a.m.•97 views

[20190403] - Core - Object.prototype pollution in JQuery $.extend

The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks...

6.1CVSS2.5AI score0.87218EPSS
Exploits4Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/22 12:0 a.m.•19 views

TCPDF Library,6.2.12,Other

TCPDF Library,6.2.12,Other updated to v6.2.26 | ---|--- ttweetfsubscribe...

7.1AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/17 4:57 p.m.•14 views

Jevents 3.4.49 Various

Jevents 3.4.49 Various UpdateNotice URL https://www.jevents.net/blog/jevents-3-4-50-released-all-users-should-upgrade...

0.4AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/13 12:0 a.m.•71 views

[20190401] - Core - Directory Traversal in com_media

The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory...

9.8CVSS9.1AI score0.38018EPSS
Exploits7Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/13 12:0 a.m.•49 views

[20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users

The "refresh list of helpsites" endpoint of comusers lacks access checks, allowing calls from unauthenticated users...

7.5CVSS8.6AI score0.01101EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/04 12:0 a.m.•36 views

[20190301] - Core - XSS in com_config JSON handler

The JSON handler in comconfig lacks input validation, leading to XSS vulnerability...

6.1CVSS1.5AI score0.00754EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/03 12:0 a.m.•19 views

Kunena,5.1.9,XSS (Cross Site Scripting)

Kunena,5.1.9,XSS Cross Site Scripting https://www.kunena.org/blog/203-kunena-5-1-10-released...

7.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/02/28 12:0 a.m.•28 views

[20190304] - Core - Missing ACL check in sample data plugins

The sample data plugins lack ACL checks, allowing unauthorized access...

7.5CVSS3.6AI score0.01686EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/02/25 12:0 a.m.•26 views

[20190302] - Core - XSS in item_title layout

The itemtitle layout in edit views lacks escaping, leading to a XSS vulnerability...

6.1CVSS1.7AI score0.00754EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/02/25 12:0 a.m.•20 views

[20190303] - Core - XSS in media form field

The media form field lacks escaping, leading to a XSS vulnerability...

6.1CVSS2.7AI score0.00754EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/02/23 12:0 a.m.•19 views

Edocman,1.1.17,SQL Injection

Edocman,1.1.17,SQL Injection Extension Update Details Fix security issue on Joomla SQL injection from previous Edocman version. new version number 1.11.8 UpdateNotice URL...

8.4AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/02/08 12:0 a.m.•51 views

[20210703] - Core - Lack of enforced session termination

Various CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked...

5.3CVSS2.3AI score0.01005EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/02/04 4:30 p.m.•24 views

Easy Shop ,1.2.3 ,Other

Easy Shop ,1.2.3 ,Other Developer update 1.2.4 https://www.joomtech.net/blog/easyshop-1-2-4-security-issues-fixed Developer did not tellvel...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/20 4:18 p.m.•18 views

JoomCRM 1.1.1

new version number 1.1.2 https://www.joomboost.com/blog-updates/joomcrm-version-1-1-2-security-announcement.html...

0.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/20 4:17 p.m.•16 views

JoomProject 1.1.3.2 ID

new version number 1.1.3.3 https://www.joomboost.com/blog-updates/joomproject-version-1-1-3-3-security-announcement.html...

1.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/20 9:18 a.m.•26 views

J-CruiseReservation 6.0.2 sqli

new version number 6.0.4 UpdateNotice URL https://www.cmsjunkie.com/blog/cruise-reservations-update/...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/18 12:0 a.m.•34 views

[20190206] - Core - Implement the TYPO3 PHAR stream wrapper

The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper...

9.8CVSS9.3AI score0.02671EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/17 12:0 a.m.•26 views

[20190203] - Core - Additional warning in the Global Configuration textfilter settings

"No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog...

6.1CVSS7.8AI score0.00924EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/16 12:0 a.m.•24 views

[20190204] - Core - Stored XSS issue in the Global Configuration help url #2

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS...

6.1CVSS7.7AI score0.008EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/01 12:0 a.m.•81 views

[20190602] - Core - XSS in subform field

The subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors...

6.1CVSS3.5AI score0.00922EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/12/30 10:2 p.m.•23 views

kunena,5.1.7,XSS (Cross Site Scripting)

kunena,5.1.7,XSS Cross Site Scripting https://www.kunena.org/blog/201-kunena-5-1-8-released...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/12/05 9:38 a.m.•17 views

Jomres,9.14.0 & lower,Other

Jomres,9.14.0 & lower Developer statement new version number 9.15.0 UpdateNotice URL https://www.jomres.net/blog/99-jomres-9-15-0-security-release-new-features Changelog Url https://www.jomres.net/support/changelog...

7.2AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/12/05 12:0 a.m.•32 views

[20190104] - Core - Stored XSS issue in the Global Configuration help url

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS...

5.4CVSS5.7AI score0.00569EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/12/04 12:0 a.m.•46 views

[20190102] - Core - Stored XSS in com_contact

Inadequate escaping in comcontact leads to a stored XSS vulnerability...

6.1CVSS5.7AI score0.00754EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/12/01 12:0 a.m.•34 views

[20190101] - Core - Stored XSS in mod_banners

Inadequate escaping in modbanners leads to a stored XSS vulnerability...

6.1CVSS5.8AI score0.00754EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/11/29 12:0 a.m.•41 views

[20190103] - Core - Stored XSS issue in the Global Configuration textfilter settings

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS...

4.8CVSS5.6AI score0.035EPSS
Exploits5Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/11/24 11:52 a.m.•19 views

music collection, 3.0.3 ,SQL Injection

music collection, 3.0.3 ,SQL Injection Developer statement: currently at version 3.0.6, this was already fixed in 3.0.4...

4.4AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/11/20 6:46 p.m.•22 views

kunena,5.1.6.1,XSS (Cross Site Scripting)

kunena,5.1.6.1,XSS Cross Site Scripting Developer statement: Update to 5.1.7 https://www.kunena.org/blog/200-kunena-5-1-7-released...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/11/16 9:15 p.m.•16 views

Jimtawl 2.2.7 - 'id' SQL Injection

Jimtawl 2.2.7 - 'id' SQL Injection Developer statement update to 2.2.8 http://janguo.de/lang-de/joomla-25-higher/joomla-25-jimtawl-2-1.html...

8.4AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/11/13 12:0 a.m.•30 views

[20190201] - Core - Lack of URL filtering in various core components

Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability...

6.1CVSS7.3AI score0.008EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/11/04 12:0 a.m.•36 views

[20201107] - Core - Write ACL violation in multiple core views

Lack of input validation while handling ACL rulesets can cause write ACL violations...

7.5CVSS8AI score0.06095EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/10/15 12:0 a.m.•18 views

CW Article Attachments (Free Version), SQL Injection

CW Article Attachments Free Version from cwjoomla.com, versions 1.0.6 and previous, SQL Injection resolution: update to 1.0.7 update notice: http://www.cwjoomla.com/download-cw-article-attachments...

2.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/10/15 12:0 a.m.•25 views

CW Article Attachments (Pro Version), SQL Injection

CW Article Attachments Pro Version from cwjoomla.com, versions 2.1.0 and previous, SQL Injection resolution: update to 2.1.2 update notice: http://www.cwjoomla.com/download-cw-article-attachments...

2.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/10/14 12:0 a.m.•16 views

kunena,5.1.4,Other

kunena,5.1.4,Other statement post: https://www.kunena.org/blog/198-kunena-5-1-5-released...

7.2AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/10/09 12:0 a.m.•21 views

JSN Framework System Plugin, 2.1.5

JSN Framework System Plugin, versions 2.1.5 and previous, unrestricted file uploads without any authorization Resolution: update to 2.1.6 Update notice: https://www.joomlashine.com/forums/jsn-extension-framework-gen-1-plugin-v2-1-6-is-released.html Users are strongly urged to update immediately...

7.1AI score
Exploits0References3Affected Software1
Total number of security vulnerabilities747