Virtuemart@* Security Vulnerabilities and Issues — Virtuemart@* CVE List

Lucene search

VirtuemartVirtuemart*

10 matches found

CVE•added 2025/04/21 8:15 a.m.•76 views

CVE-2025-25228

A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.

3.8CVSS8AI score0.00032EPSS

CVE•added 2018/04/26 7:29 p.m.•49 views

CVE-2018-7465

An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the , leading to a possible XSS.

5.4CVSS5.2AI score0.00278EPSS

CVE•added 2007/06/18 10:30 a.m.•46 views

CVE-2007-3247

SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php.

6.8CVSS8.5AI score0.00661EPSS

CVE•added 2007/02/26 5:28 p.m.•33 views

CVE-2007-1096

Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.

6.8CVSS5.5AI score0.00958EPSS

CVE•added 2007/10/18 8:17 p.m.•33 views

CVE-2007-5563

Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors.

7.5CVSS7.7AI score0.00585EPSS

CVE•added 2007/03/08 10:19 p.m.•32 views

CVE-2007-1361

Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376.

4.3CVSS5.6AI score0.00958EPSS

CVE•added 2018/02/06 4:29 p.m.•32 views

CVE-2015-3619

Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company."

5.4CVSS5.3AI score0.00231EPSS

CVE•added 2007/02/26 5:0 p.m.•31 views

CVE-2005-4829

VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.

10CVSS6.9AI score0.00341EPSS

CVE•added 2009/09/11 4:30 p.m.•30 views

CVE-2008-7204

Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

6.8CVSS7.3AI score0.00142EPSS

CVE•added 2009/09/11 4:30 p.m.•26 views

CVE-2008-7205

Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file.

4.3CVSS6.7AI score0.00387EPSS