National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,098 matching records.
Displaying matches 321 through 340.
Vuln ID Summary CVSS Severity
CVE-2014-1837

Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."

Published: January 30, 2014; 02:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2014-0793

Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.

Published: January 30, 2014; 01:55:03 PM -05:00
    V2: 4.3 MEDIUM
CVE-2014-0794

SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.

Published: January 26, 2014; 03:55:06 PM -05:00
    V2: 4.3 MEDIUM
CVE-2013-7219

SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.

Published: January 21, 2014; 11:06:19 AM -05:00
    V2: 7.5 HIGH
CVE-2013-5583

Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Published: December 28, 2013; 11:25:57 PM -05:00
    V2: 4.3 MEDIUM
CVE-2013-5576

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

Published: October 09, 2013; 10:54:26 AM -04:00
    V2: 6.8 MEDIUM
CVE-2013-3719

Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 31, 2013; 08:20:25 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-3534

Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 13, 2013; 07:55:02 PM -04:00
    V2: 4.3 MEDIUM
CVE-2013-3267

Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 03, 2013; 07:57:46 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-3242

plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.

Published: May 03, 2013; 07:57:46 AM -04:00
    V2: 5.5 MEDIUM
CVE-2013-3059

Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 03, 2013; 07:57:45 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-3058

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 03, 2013; 07:57:45 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-3057

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.

Published: May 03, 2013; 07:57:45 AM -04:00
    V2: 4.0 MEDIUM
CVE-2013-3056

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.

Published: May 03, 2013; 07:57:45 AM -04:00
    V2: 4.0 MEDIUM
CVE-2013-1455

Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."

Published: February 12, 2013; 08:55:05 PM -05:00
    V2: 5.0 MEDIUM
CVE-2013-1454

Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."

Published: February 12, 2013; 08:55:05 PM -05:00
    V2: 5.0 MEDIUM
CVE-2013-1453

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.

Published: February 12, 2013; 08:55:05 PM -05:00
    V2: 7.5 HIGH
CVE-2012-6514

Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php.

Published: January 23, 2013; 08:55:05 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-6503

Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.

Published: January 23, 2013; 08:55:04 PM -05:00
    V2: 10.0 HIGH
CVE-2012-1599

Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.

Published: December 03, 2012; 04:55:01 PM -05:00
    V2: 5.0 MEDIUM