Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Total 925 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4910 1 Joomla 1 Joomla\! 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2010-4990 2 B-elektro, Joomla 2 Com Addressbook, Joomla\! 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php.
CVE-2010-4517 2 Harmistechnology, Joomla 2 Com Jeauto, Joomla\! 2025-04-11 6.8 MEDIUM N/A
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
CVE-2010-1471 2 B-elektro, Joomla 2 Com Addressbook, Joomla\! 2025-04-11 7.5 HIGH N/A
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2012-4532 1 Joomla 1 Joomla\! 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0373 1 Joomla 2 Com Libros, Joomla\! 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2013-3267 1 Joomla 1 Joomla\! 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-5028 2 Harmistechnology, Joomla 2 Com Jejob, Joomla\! 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
CVE-2011-0005 1 Joomla 2 Com Search, Joomla\! 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.
CVE-2010-4516 2 Joomla, Jxtended 2 Joomla\!, Jxtended Comments 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0793 2 Joomla, Stackideas 2 Joomla\!, Komento 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.
CVE-2010-4949 2 Evnix, Joomla 3 Freichat, Freichatpure, Joomla\! 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.
CVE-2012-0821 1 Joomla 1 Joomla\! 2025-04-11 5.0 MEDIUM N/A
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.
CVE-2010-0456 2 Indianpulses, Joomla 2 Com Gameserver, Joomla\! 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.
CVE-2010-4794 2 Joomla, Joomlaseller 2 Joomla\!, Com Jscalendar 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1363 2 Extremejoomla, Joomla 2 Com J-projects, Joomla\! 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the JProjects (com_j-projects) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the project parameter in a projects action to index.php.
CVE-2010-4638 2 Iptechinside, Joomla 2 Com Jquarks4s, Joomla\! 2025-04-11 6.8 MEDIUM N/A
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.
CVE-2010-4944 2 Joomla, Mambo-foundation 3 Com Elite Experts, Joomla\!, Mambo 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
CVE-2010-0945 2 Hotbrackets, Joomla 2 Com Hotbrackets, Joomla\! 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-0943 2 Joomla, Joomlart 2 Joomla\!, Com Jashowcase 2025-04-11 5.0 MEDIUM N/A
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.