| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Lack of output escaping for article titles leads to XSS vectors in various locations. |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. |
| An improper access check allows unauthorized access to webservice endpoints. |
| The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. |
| Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. |
| Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. |
| Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure |
| User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening. |
| Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla. |
| Lack of output escaping leads to a XSS vector in the pagebreak plugin. |
| Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags. |
| Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered. |
| A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered. |
| SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts visits. |
| Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method. |
| Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class. |
| A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads. |
| A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped. |
| A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands. |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. |
