National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,055 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2012-2413

Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

Published: October 20, 2014; 10:55:03 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-7984

Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.

Published: October 08, 2014; 03:55:05 PM -04:00
    V2: 7.5 HIGH
CVE-2014-7983

Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 08, 2014; 03:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-7982

Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 08, 2014; 03:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-7981

SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: October 08, 2014; 03:55:05 PM -04:00
    V2: 7.5 HIGH
CVE-2014-7229

Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.

Published: October 08, 2014; 03:55:04 PM -04:00
    V2: 5.0 MEDIUM
CVE-2014-6632

Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.

Published: October 08, 2014; 03:55:04 PM -04:00
    V2: 7.5 HIGH
CVE-2014-6631

Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 08, 2014; 03:55:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4725

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

Published: July 27, 2014; 02:55:05 PM -04:00
    V2: 7.5 HIGH
CVE-2014-4960

Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

Published: July 21, 2014; 10:55:06 AM -04:00
    V2: 7.5 HIGH
CVE-2013-5956

Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.

Published: April 25, 2014; 10:15:30 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-5951

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/.

Published: March 25, 2014; 12:55:28 PM -04:00
    V2: 2.6 LOW
CVE-2013-5955

Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.

Published: March 19, 2014; 10:17:45 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-5953

Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.

Published: March 19, 2014; 10:17:44 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-5952

Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php.

Published: March 19, 2014; 10:17:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-1636

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

Published: March 12, 2014; 10:55:26 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-3933

Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name parameter to index.php.

Published: February 11, 2014; 12:55:06 PM -05:00
    V2: 4.3 MEDIUM
CVE-2014-1837

Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."

Published: January 30, 2014; 02:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2014-0793

Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.

Published: January 30, 2014; 01:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2014-0794

SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.

Published: January 26, 2014; 03:55:06 PM -05:00
    V2: 4.3 MEDIUM