Lucene search: StackideasEasydiscuss

6 matches found

CVE
added 2018/01/08 11:0 p.m. | 94 views

CVE-2018-5263

CVE-2018-5263 concerns the StackIdeas EasyDiscuss Joomla! extension (com_easydiscuss) prior to 4.0.21. The vulnerability is a cross-site scripting (XSS) flaw triggered when editing a message: injecting a payload can cause script execution in a user’s browser after the textarea closes. Affected v...

CVSS 5.4 | AI score 5.5 | EPSS 0.01611

CVE
added 2024/01/16 12:0 a.m. | 38 views

CVE-2023-51810

StackIdeas EasyDiscuss v5.0.5 contains a SQL injection vulnerability in the search parameter of the Users module, enabling remote attackers to obtain sensitive information. Root cause: improper handling of input in the Users search code, leading to injectable SQL. A fixed version (v5.0.10) is ava...

CVSS 7.5 | AI score 7.5 | EPSS 0.01313

CVE
added 2026/01/16 3:5 p.m. | 14 views

CVE-2026-21624

CVE-2026-21624 affects the Easy Discuss Joomla extension (versions 1.0.0–5.0.15) and is due to a lack of input filtering in the user avatar text handling, enabling persistent XSS. Multiple feeds (NVD, Red Hat, CVE lists, EUVD, CIRCL, etc.) corroborate the same description without detailing exploi...

CVSS 9.4 | AI score 5.8 | EPSS 0.00177

CVE
added 2026/01/16 3:6 p.m. | 14 views

CVE-2026-21625

CVE-2026-21625 affects the stackideas.com EasyDiscuss Joomla extension (1.0.0–5.0.15). The root cause is improper validation of user-uploaded files: uploads are only checked by file extensions, with no MIME-type validation. This implies potential for arbitrary file upload by triggering mismatched...

CVSS 8.8 | AI score 6.5 | EPSS 0.00347

CVE
added 2026/01/16 3:4 p.m. | 11 views

CVE-2026-21623

The CVE-2026-21623 entry concerns the EasyDiscuss Joomla extension. Affected software: Joomla with the EasyDiscuss component, versions 1.0.0 through 5.0.15. Root cause: lack of input filtering in the forum post handling, enabling a persistent XSS vulnerability. Impact per sources: high confidenti...

CVSS 9.4 | AI score 5.9 | EPSS 0.00177

CVE
added 2026/02/06 7:49 a.m. | 10 views

CVE-2026-21626

CVE-2026-21626 affects EasyDiscuss for Joomla (StackIdeas). The issue is that access control settings for forum post custom fields are not applied when data is output in JSON, causing an ACL bypass and potential information disclosure. Multiple sources (NVD, Red Hat, CVE list, CVE records) descri...

CVSS 9.2 | AI score 5.3 | EPSS 0.00369