| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered. |
| A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered. |
| An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. |
| The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. |
| SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts visits. |
| Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class. |
| Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method. |
| A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads. |
| A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped. |
| A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands. |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. |
| An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature. |
| A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered. |
| A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. |
| A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered. |
| Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.. |
| The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. |
| The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions. |
| Improper Access Controls allows backend users to overwrite their username when disallowed. |
| The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors. |
