National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:joomla:joomla%21:3.2.0:alpha
There are 409 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2014-6631

Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 08, 2014; 03:55:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2013-5955

Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.

Published: March 19, 2014; 10:17:45 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-5953

Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.

Published: March 19, 2014; 10:17:44 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-5952

Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php.

Published: March 19, 2014; 10:17:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-0793

Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.

Published: January 30, 2014; 01:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2014-0794

SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.

Published: January 26, 2014; 03:55:06 PM -05:00
    V2: 4.3 MEDIUM
CVE-2013-3719

Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 31, 2013; 08:20:25 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-3534

Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 13, 2013; 07:55:02 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-6514

Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.

Published: January 23, 2013; 08:55:05 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-6503

Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.

Published: January 23, 2013; 08:55:04 PM -05:00
    V2: 10.0 HIGH
CVE-2010-5286

Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Published: November 26, 2012; 06:55:01 PM -05:00
    V2: 10.0 HIGH
CVE-2010-5280

Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.

Published: November 26, 2012; 06:55:00 PM -05:00
    V2: 7.5 HIGH
CVE-2012-5232

Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 01, 2012; 04:55:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-5230

Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.

Published: October 01, 2012; 04:55:04 PM -04:00
    V2: 7.5 HIGH
CVE-2006-7247

SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

Published: September 06, 2012; 03:55:00 PM -04:00
    V2: 7.5 HIGH
CVE-2012-4868

SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: September 06, 2012; 01:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2011-5148

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.

Published: August 31, 2012; 05:55:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-5134

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information.

Published: August 30, 2012; 06:55:04 PM -04:00
    V2: 6.0 MEDIUM
CVE-2011-5113

SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Published: August 23, 2012; 04:55:03 PM -04:00
    V2: 7.5 HIGH
CVE-2011-5112

SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.

Published: August 23, 2012; 04:55:02 PM -04:00
    V2: 7.5 HIGH