vel.joomla.org Vulnerable Extensions: EXTPLORER, 2.1.15, 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Vulnerable Extensions: Virtual Classroom, , 3rd party extension, SQL Injection...

vel.joomla.org Vulnerable Extensions: Proforms Basic via sort_order parameter, , 3rd party extension, SQL Injection...

vel.joomla.org Vulnerable Extensions: Plugin Creative Gallery, , 3rd party extension, SQL Injection...

vel.joomla.org Vulnerable Extensions: LivingWord, , 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Vulnerable Extensions: one vote, 1.7, 3rd party extension, XSS (Cross Site Scripting)...

vel.joomla.org Resolved Extensions: HikaShop, Versions from 4.4.1 to 4.7.2 are affected, 3rd party extension, SQL Injection. Dev Notice: https://www.hikashop.com/home/blog/501-hikashop-important-2023.html ...

vel.joomla.org Resolved Extensions: HikaShop Joomla Plugin, , 3rd party extension, SQL Injection. Update: https://www.hikashop.com/home/blog/501-hikashop-important-2023.html ...

vel.joomla.org Resolved Extensions: Visforms Base Package for Joomla!, 3rd party extension, SQL Injection
Project: Visforms für Joomla 3
Extension: com_visforms
Impact: Critical
Severity: High
Probability: Unknown
Versions: 3.8.0 - 3.14.10
Exploit type: SQL Injection
Reported Date: 2023-04-16
Fixed Date: 2023-04-19
CVE Number: CVE-2023-23753
Description: An improper use of input filter allows SQL-Injection.
Affected Installs: com_visforms versions 3.8.0 - 3.14.10. Visforms Base Package 3.0.0 - 3.0.4 (Since version 3.14.6 com_visforms is part of the Visforms Base Package)
Solution: Upgrade to Visforms Base Package 3.0.5...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Critical
Severity: Moderate
Probability: Low
Versions: 4.2.0-4.3.1
Exploit type: Lack of rate limiting
Reported Date: 2023-04-29
Fixed Date: 2023-05-30
CVE Number: CVE-2023-23755
Description: The lack of rate limiting allows brute force attacks against MFA methods.
Affected Installs: Joomla! CMS versions 4.2.0-4.3.1
Solution: Upgrade to version 4.3.2
Contact: The JSST at the Joomla! Security Centre.
Reported By: Phil Taylor...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.2.0-4.3.1
Exploit type: Open Redirect / XSS
Reported Date: 2023-02-28
Fixed Date: 2023-05-28
CVE Number: CVE-2023-23754
Description: Lack of input validation caused an open redirect and XSS issue within the new MFA selection screen.
Affected Installs: Joomla! CMS versions 4.2.0-4.3.1
Solution: Upgrade to version 4.3.2
Contact: The JSST at the Joomla! Security Centre.
Reported By: Srpopty from huntr.dev...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Critical
Severity: High
Probability: High
Versions: 4.0.0-4.2.7
Exploit type: Incorrect Access Control
Reported Date: 2023-02-13
Fixed Date: 2023-02-16
CVE Number: CVE-2023-23752
Description: An improper access check allows unauthorized access to webservice endpoints.
Affected Installs: Joomla! CMS versions 4.0.0-4.2.7
Solution: Upgrade to version 4.2.8
Contact: The JSST at the Joomla! Security Centre.
Reported By: Zewei Zhang from NSFOCUS TIANJI Lab...

vel.joomla.org Resolved Extensions: J-BusinessDirectory, 5.7.7 and prior, 3rd party extension, Other. In the J-BusinessDirectory version 5.8.3 we have updated guzzlehttp to the latest version, 7.5.0 and to PSR 2.1.5....

vel.joomla.org Resolved Extensions: LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login, 5.0.2, 3rd party extension, Other...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.0.0-4.2.4
Exploit type: Reflected XSS
Reported Date: 2022-10-28
Fixed Date: 2022-11-08
CVE Number: CVE-2022-27914
Description: Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
Affected Installs: Joomla! CMS versions 4.0.0-4.2.4
Solution: Upgrade to version 4.2.5
Contact: The JSST at the Joomla! Security Centre.
Reported By: https://github.com/Denitz ...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.0.0-4.2.6
Exploit type: CSRF
Reported Date: 2022-12-24
Fixed Date: 2023-01-31
CVE Number: CVE-2023-23750
Description: A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
Affected Installs: Joomla! CMS versions 4.0.0-4.2.6
Solution: Upgrade to version 4.2.7
Contact: The JSST at the Joomla! Security Centre.
Reported By: Faizan Wani...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.0.0-4.2.6
Exploit type: Incorrect Access Control
Reported Date: 2023-01-01
Fixed Date: 2023-01-31
CVE Number: CVE-2023-23751
Description: A missing ACL check allows non super-admin users to access com_actionlogs.
Affected Installs: Joomla! CMS versions 4.0.0-4.2.6
Solution: Upgrade to version 4.2.7
Contact: The JSST at the Joomla! Security Centre.
Reported By: Faizan Wani...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Critical
Severity: Low
Probability: Low
Versions: 4.0.0-4.2.3
Exploit type: Information Disclosure
Reported Date: 2022-10-13
Fixed Date: 2022-10-25
CVE Number: CVE-2022-27912
Description: Joomla 4 sites with publicly enabled debug mode exposed data of previous requests.
Affected Installs: Joomla! CMS versions 4.0.0-4.2.3
Solution: Upgrade to version 4.2.4
Contact: The JSST at the Joomla! Security Centre.
Reported By: Peter Martin...

Joomla.org Security Announcements
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.0.0-4.2.3
Exploit type: Reflected XSS
Reported Date: 2022-10-07
Fixed Date: 2022-10-25
CVE Number: CVE-2022-27913
Description: Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
Affected Installs: Joomla! CMS versions 4.0.0-4.2.3
Solution: Upgrade to version 4.2.4
Contact: The JSST at the Joomla! Security Centre.
Reported By: Ajith Menon...

vel.joomla.org Vulnerable Extensions: JKassa, 2.0.0, 3rd party extension, SQL Injection. Update to latest version: https://jkassa.com/en/extensions/jkassa.html ...
