National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,055 matching records.
Displaying matches 301 through 320.
Vuln ID Summary CVSS Severity
CVE-2012-5827

Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."

Published: November 11, 2012; 08:01:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2012-4532

Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.

Published: October 31, 2012; 12:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-4531

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 31, 2012; 12:55:03 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-5455

Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."

Published: October 22, 2012; 07:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-4911

Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.

Published: October 07, 2012; 05:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-4910

Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Published: October 07, 2012; 05:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-4909

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.

Published: October 07, 2012; 05:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-5232

Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 01, 2012; 04:55:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-5230

Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.

Published: October 01, 2012; 04:55:04 PM -04:00
    V2: 7.5 HIGH
CVE-2012-1117

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 25, 2012; 08:55:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-1116

SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: September 25, 2012; 08:55:00 PM -04:00
    V2: 7.5 HIGH
CVE-2012-5101

SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: September 23, 2012; 01:55:01 PM -04:00
    V2: 7.5 HIGH
CVE-2012-1612

Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 06, 2012; 05:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-1611

Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.

Published: September 06, 2012; 05:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0837

Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0836

Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0835

Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0822

Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820.

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-0821

Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0820

Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.

Published: September 06, 2012; 03:55:01 PM -04:00
    V2: 4.3 MEDIUM