6 matches found
CVE-2019-17527
The CVE concerns the JS JOBS FREE Joomla! extension. Before version 1.2.7, the extension’s models/custormfields.php contains the dataForDepandantField function, which allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter. Multipl...
CVE-2025-22206
CVE-2025-22206 affects the Joomla JS Jobs plugin versions 1.1.5–1.4.2. The underlying issue is a SQL injection in the GDPR Field feature via the fieldfor parameter, allowing an authenticated administrator to execute arbitrary SQL commands. The vulnerability is confirmed across multiple sources in...
CVE-2025-22209
CVE-2025-22209 (JS Jobs Joomla plugin) affects JS Jobs plugin versions 1.1.5–1.4.3 for Joomla. The underlying issue is a SQL injection in the Employer Payment History search feature, exploitable by an authenticated administrator via the searchpaymentstatus parameter. Affected component/file: the ...
CVE-2018-9183
The vulnerability concerns the Joomla! Joom Sky JS Jobs Extension, specifically versions before 1.2.1. A Cross-Site Scripting (XSS) flaw exists due to missing validation on the URL field when creating a company entry, enabling injection of arbitrary script/HTML. Exploitation details or in‑the‑wil...
CVE-2025-22208
CVE-2025-22208 affects the Joomla JS Jobs plugin (versions 1.1.5–1.4.3). The vulnerability is a SQL injection in the GDPR Erase Data Request search, exploitable by authenticated administrators via the filter_email parameter. Underlying cause is improper input handling in the SQL query used for th...
CVE-2018-5994
CVE-2018-5994 affects Joomla! JS Jobs 1.1.9. SQL Injection via the zipcode parameter in newest-jobs requests or the ta parameter in view_resume requests. Public exploitation is documented (exploit-db). No remediation or patch/version details are provided in the supplied documents. CVSSv3.0 base s...