Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the com_jephotogallery component to execute arbitrary SQL queries and retrieve sensitive data like usernam…

CVSS: 8.2 · CWE: CWE-89

View on NVD

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details.

CVSS: 7.1 · CWE: CWE-89

View on NVD

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.

CVSS: 7.1 · CWE: CWE-89

View on NVD

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to change passwords, email addresses, and profile details without user consent.

CVSS: 4.3 · CWE: CWE-352

View on NVD

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details.

CVSS: 8.2 · CWE: CWE-89

View on NVD

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.

CVSS: 8.2 · CWE: CWE-89

View on NVD

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information or reset passwords without user consent.

CVSS: 4.3 · CWE: CWE-352

View on NVD

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting…

CVSS: 8.2 · CWE: CWE-89

View on NVD

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages.

CVSS: 5.3 · CWE: CWE-352

View on NVD

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information using automated tools.

CVSS: 7.1 · CWE: CWE-89

View on NVD

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information.

CVSS: 7.1 · CWE: CWE-89

View on NVD

Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root.

CVSS: 7.5 · CWE: CWE-22

View on NVD

Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the hdwplayersearch parameter to extract sensitive database information from the hdwplayer_videos table.

CVSS: 8.2 · CWE: CWE-89

View on NVD

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the com_baforms component with malicious JSON payloads in the 'id' field parameter to extract sensitive database information.

CVSS: 8.2 · CWE: CWE-89

View on NVD

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hi…

CVSS: 9.8 · CWE: CWE-506

View on NVD

Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl, from_task, or from_itemid parameters to steal session tokens or login credentials when victims visit t…

CVSS: 6.1 · CWE: CWE-79

View on NVD

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemid. Attackers can craft malicious URLs containing JavaScript payloads in these parameters to steal session tokens, login…

CVSS: 6.1 · CWE: CWE-79

View on NVD

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants endpoint to execute arbitrary JavaScript in victim browsers and steal session tokens or credentials.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter_keyword GET parameter of the all-properties-with-map endpoint to execute arbitrary code in victim browsers and steal session tokens or credent…

CVSS: 6.1 · CWE: CWE-79

View on NVD

Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabling session hijacking or credential theft.

CVSS: 6.1 · CWE: CWE-79

View on NVD

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.

CVSS: 9.5 · CWE: CWE-284

View on NVD

User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.

CVSS: 8.8 · CWE: CWE-434

View on NVD

Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.

CVSS: 5.4 · CWE: CWE-79

View on NVD

Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla.

CVSS: 5.4 · CWE: CWE-79

View on NVD

Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered.

CVSS: 5.4 · CWE: CWE-352

View on NVD

A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered.

CVSS: 6.1 · CWE: CWE-79

View on NVD

SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts visits.

CVSS: 9.3 · CWE: CWE-89

View on NVD

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped.

CVSS: 8.5 · CWE: CWE-79

View on NVD

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.

CVSS: 8.5 · CWE: CWE-79

View on NVD

A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.

CVSS: 8.7 · CWE: CWE-89

View on NVD

A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.

CVSS: 8.5 · CWE: CWE-89

View on NVD

An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.

CVSS: 9.2 · CWE: CWE-434

View on NVD

A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.

CVSS: 9.4 · CWE: CWE-79

View on NVD

A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.

CVSS: 9.4 · CWE: CWE-79

View on NVD

A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered.

CVSS: 7.0 · CWE: CWE-79

View on NVD

A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.

CVSS: 7.0 · CWE: CWE-79

View on NVD

A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered.

CVSS: 5.1 · CWE: CWE-79

View on NVD

A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands.

CVSS: 9.3 · CWE: CWE-89

View on NVD

A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.

CVSS: 8.5 · CWE: CWE-89

View on NVD

A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jform[tags_text] parameter.

CVSS: 5.3 · CWE: CWE-79

View on NVD

A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component.

CVSS: 5.1 · CWE: CWE-79

View on NVD

A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature.

CVSS: 6.9 · CWE: CWE-400

View on NVD

A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter.

CVSS: 5.1 · CWE: CWE-79

View on NVD

A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items.

CVSS: 8.6 · CWE: CWE-79

View on NVD

A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter.

CVSS: 8.6 · CWE: CWE-89

View on NVD

A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.

CVSS: 8.7 · CWE: CWE-89

View on NVD

A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands.

CVSS: 9.8 · CWE: CWE-89

View on NVD

A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands.

CVSS: 9.8 · CWE: CWE-89

View on NVD

A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter.

CVSS: 8.6 · CWE: CWE-89

View on NVD

A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.

CVSS: 9.3 · CWE: CWE-89

View on NVD

A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on th…

CVSS: 6.7 · CWE: CWE-89

View on NVD

A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla was discovered. It allows attackers to perform cross-site scripting (XSS) attacks via sending crafted payload.

CVSS: 8.5 · CWE: CWE-79

View on NVD

Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.

CVSS: 9.2 · CWE: CWE-94

View on NVD

A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the craft…

CVSS: 6.1 · CWE: CWE-79

View on NVD

A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content.

CVSS: 6.5 · CWE: CWE-79

View on NVD

A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized d…

CVSS: 6.5 · CWE: CWE-89

View on NVD

A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files

CVSS: 5.4 · CWE: CWE-35

View on NVD

A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL.

CVSS: 4.8 · CWE: CWE-79

View on NVD

A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.

CVSS: 3.8 · CWE: CWE-89

View on NVD

A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.

CVSS: 6.5 · CWE: CWE-284

View on NVD

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jp_yearbuilt leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the…

CVSS: 4.3 · CWE: CWE-79

View on NVD

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla and classified as critical. This issue affects some unknown processing of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties of the component GET Parameter Handler. The manipulation of the argument title leads to sql injection. The attack may be initiated remotely. The exploit has been disclose…

CVSS: 6.3 · CWE: CWE-74

View on NVD

A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend.

CVSS: 2.7 · CWE: CWE-89

View on NVD

A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management area in backend.

CVSS: 3.4 · CWE: CWE-89

View on NVD

A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend.

CVSS: 7.2 · CWE: CWE-89

View on NVD

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.

CVSS: 4.7 · CWE: CWE-89

View on NVD

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature.

CVSS: 4.7 · CWE: CWE-89

View on NVD

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.

CVSS: 4.7 · CWE: CWE-89

View on NVD

Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.

CVSS: 7.5 · CWE: CWE-35

View on NVD

Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability.

CVSS: 9.8 · CWE: CWE-94

View on NVD

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.

CVSS: 5.4 · CWE: CWE-79

View on NVD

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.

CVSS: 9.8 · CWE: CWE-434

View on NVD

Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5.

CVSS: 9.8 · CWE: CWE-502

View on NVD

A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description `parameter is not sanitised in the backend.

CVSS: 5.4 · CWE: CWE-79

View on NVD

XSS vulnerability in DJ-HelpfulArticles component for Joomla.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

CVSS: 7.5 · CWE: CWE-918

View on NVD

Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.

CVSS: 7.5 · CWE: CWE-497

View on NVD

Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2.

CVSS: 5.3 · CWE: CWE-532

View on NVD

Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.

CVSS: 4.3 · CWE: CWE-352

View on NVD

An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla fronted integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL to a base64 malicious URL.

CVSS: 6.1 · CWE: CWE-601

View on NVD

XSS vulnerability in DP Calendar component for Joomla.

CVSS: 6.1 · CWE: CWE-79

View on NVD

SQLi vulnerability in Starshop component for Joomla.

CVSS: 9.8 · CWE: CWE-89

View on NVD

SQLi vulnerability in S5 Register module for Joomla.

CVSS: 9.8 · CWE: CWE-89

View on NVD

A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla.

CVSS: 6.1 · CWE: CWE-79

View on NVD

A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla.

CVSS: 6.1 · CWE: CWE-79

View on NVD

A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.

CVSS: 6.1 · CWE: CWE-79

View on NVD

A reflected XSS vulnerability was discovered in the Quickform component for Joomla.

CVSS: 6.1 · CWE: CWE-79

View on NVD

A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Unauthenticated LFI/SSRF in JCDashboards component for Joomla.

CVSS: 9.8 · CWE: CWE-918

View on NVD

SQLi vulnerability in LMS Lite component for Joomla.

CVSS: 9.8 · CWE: CWE-89

View on NVD

A reflected XSS vulnerability was discovered in the Extplorer component for Joomla.

CVSS: 6.1 · CWE: CWE-79

View on NVD

A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.

CVSS: 5.3 · CWE: CWE-200

View on NVD

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.

CVSS: 4.3 · CWE: CWE-284

View on NVD

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists.

CVSS: 4.3 · CWE: CWE-284

View on NVD

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution.

CVSS: 9.8 · CWE: CWE-434

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.

CVSS: 6.1 · CWE: CWE-79

View on NVD