2 matches found
CVE-2019-17527
The CVE concerns the JS JOBS FREE Joomla! extension. Before version 1.2.7, the extension’s models/custormfields.php contains the dataForDepandantField function, which allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter. Multipl...
CVE-2018-9183
The vulnerability concerns the Joomla! Joom Sky JS Jobs Extension, specifically versions before 1.2.1. A Cross-Site Scripting (XSS) flaw exists due to missing validation on the URL field when creating a company entry, enabling injection of arbitrary script/HTML. Exploitation details or in‑the‑wil...