| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information. |
| Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php. |
| SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php. |
| SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. |
| SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information. |
| Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php. |
| SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. |
| Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions. |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. |
| The wrapper extensions do not correctly validate inputs, leading to XSS vectors. |
| Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. |
| The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. |
| The Custom Fields component not correctly filter inputs, leading to a XSS vector. |
| Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. |
| The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. |
