Total
588 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5455 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error." | |||||
CVE-2012-5232 | 2 Joomla, Mediafire | 2 Joomla\!, Mod Quick Form | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-5230 | 2 Harmistechnology, Joomla | 2 Com Jesubmit, Joomla\! | 2024-11-21 | 7.5 HIGH | N/A |
Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. | |||||
CVE-2012-5101 | 2 Jextensions, Joomla | 2 Je Poll Component, Joomla\! | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2012-4868 | 2 Joomla, Kunena | 2 Joomla\!, Kunena | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2012-4532 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-4531 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-4256 | 2 Joobi, Joomla | 2 Com Jnews, Joomla\! | 2024-11-21 | 5.0 MEDIUM | N/A |
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. | |||||
CVE-2012-4235 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2024-11-21 | 5.0 MEDIUM | N/A |
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | |||||
CVE-2012-4071 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. | |||||
CVE-2012-3829 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | N/A |
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. | |||||
CVE-2012-3828 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. | |||||
CVE-2012-3554 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2012-2902 | 2 Joomla, Ryan Demmer | 2 Joomla\!, Joomla Content Editor | 2024-11-21 | 6.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht. | |||||
CVE-2012-2901 | 2 Joomla, Ryan Demmer | 2 Joomla\!, Joomla Content Editor | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php. | |||||
CVE-2012-2748 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." | |||||
CVE-2012-2747 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 HIGH | N/A |
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." | |||||
CVE-2012-2413 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. | |||||
CVE-2012-1612 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-1611 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | N/A |
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599. |