Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Joomla
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-6631 |
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: October 08, 2014; 3:55:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4960 |
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php. Published: July 21, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-5956 |
Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter. Published: April 25, 2014; 10:15:30 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-5951 |
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/. Published: March 25, 2014; 12:55:28 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2013-5955 |
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php. Published: March 19, 2014; 10:17:45 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-5953 |
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php. Published: March 19, 2014; 10:17:44 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-5952 |
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php. Published: March 19, 2014; 10:17:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-1636 |
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter. Published: March 12, 2014; 10:55:26 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-3933 |
Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name parameter to index.php. Published: February 11, 2014; 12:55:06 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-1837 |
Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments." Published: January 30, 2014; 2:55:03 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0793 |
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI. Published: January 30, 2014; 1:55:03 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0794 |
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php. Published: January 26, 2014; 3:55:06 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-7219 |
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter. Published: January 21, 2014; 11:06:19 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-5583 |
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Published: December 28, 2013; 11:25:57 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-5576 |
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013. Published: October 09, 2013; 10:54:26 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-3719 |
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: May 31, 2013; 8:20:25 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-3534 |
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: May 13, 2013; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-3267 |
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: May 03, 2013; 7:57:46 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-3242 |
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors. Published: May 03, 2013; 7:57:46 AM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2013-3059 |
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: May 03, 2013; 7:57:45 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |