Filtered by vendor Joomla
Subscribe
Total
935 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4794 | 2 Joomla, Joomlaseller | 2 Joomla\!, Com Jscalendar | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0373 | 1 Joomla | 2 Com Libros, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2010-0800 | 2 Joomla, Joomservices | 2 Joomla\!, Com Dms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php. | |||||
| CVE-2010-0985 | 2 Chris Simon, Joomla | 2 Com Abbrev, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4166 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. | |||||
| CVE-2011-5112 | 2 Blueflyingfish, Joomla | 2 Com Alameda, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. | |||||
| CVE-2010-4838 | 2 Extensiondepot, Joomla | 2 Com Jsupport, Joomla\! | 2025-04-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. | |||||
| CVE-2010-0635 | 2 Jevents, Joomla | 2 Jevents Search Plugin, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1956 | 2 Joomla, Thefactory | 2 Joomla\!, Com Gadgetfactory | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-5455 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." | |||||
| CVE-2010-1653 | 2 Htmlcoderhelper, Joomla | 2 Com Graphics, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-6514 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php. | |||||
| CVE-2010-4898 | 2 Gantry-framework, Joomla | 2 Com Gantry, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php. | |||||
| CVE-2009-4785 | 2 Bhavesh Chauhan, Joomla | 2 Com Quicknews, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php. | |||||
| CVE-2011-5099 | 2 Chillcreations, Joomla | 2 Mod Ccnewsletter, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2036 | 2 Joomla, Percha | 2 Joomla\!, Com Perchafieldsattach | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2009-4650 | 2 Joomla, Onnogroen | 2 Joomla\!, Com Webeecomment | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-2488 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-1453 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. | |||||
| CVE-2010-4272 | 2 Joomla, Pulseinfotech | 2 Joomla\!, Com Sponsorwall | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||