Vulnerabilities (CVE)

Filtered by vendor Joobi Subscribe
Filtered by product Jnews
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7343 1 Joobi 1 Jnews 2024-11-21 3.5 LOW 4.8 MEDIUM
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.
CVE-2015-7342 1 Joobi 1 Jnews 2024-11-21 6.5 MEDIUM 7.2 HIGH
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
CVE-2015-7341 1 Joobi 1 Jnews 2024-11-21 6.5 MEDIUM 8.8 HIGH
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.