Filtered by vendor Joomla
Subscriptions
Total
948 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5232 | 2 Joomla, Mediafire | 2 Joomla\!, Mod Quick Form | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-5455 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." | ||||
| CVE-2010-3712 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component. | ||||
| CVE-2012-6503 | 2 Joomla, Ninjaforge | 2 Joomla\!, Com Ninjaxplorer | 2025-04-11 | N/A |
| Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors. | ||||
| CVE-2010-3426 | 2 4you-studio, Joomla | 2 Com Jphone, Joomla\! | 2025-04-11 | N/A |
| Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2013-1455 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." | ||||
| CVE-2013-3057 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. | ||||
| CVE-2013-3058 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-3059 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-3534 | 2 Algisinfo, Joomla | 2 Aicontactsafe, Joomla\! | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-3422 | 2 Joomla, Solventus | 2 Joomla\!, Com Jgen | 2025-04-11 | N/A |
| SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | ||||
| CVE-2013-5576 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013. | ||||
| CVE-2013-5583 | 1 Joomla | 1 Joomla\! | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | ||||
| CVE-2010-3211 | 2 Jextn, Joomla | 2 Com Jefaqpro, Joomla\! | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action. | ||||
| CVE-2010-4270 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2025-04-11 | N/A |
| Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010. | ||||
| CVE-2010-2908 | 2 Joomdle, Joomla | 2 Com Joomdle, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php. | ||||
| CVE-2010-3028 | 2 Joomla, Simon Philips | 2 Joomla, Aardvertiser | 2025-04-11 | N/A |
| The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. | ||||
| CVE-2010-2921 | 2 Joomla, Photoindochina | 2 Joomla\!, Com Golfcourseguide | 2025-04-11 | N/A |
| SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php. | ||||
| CVE-2010-2919 | 2 Joomla, Joomlaxt | 2 Joomla\!, Com Staticxt | 2025-04-11 | N/A |
| SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
| CVE-2010-2918 | 2 Joomla, Visocrea | 2 Joomla\!, Com Joomla Visites | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||