Vulnerabilities (CVE)

Filtered by vendor Cmsjunkie Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5182 1 Cmsjunkie 1 J-businessdirectory 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).
CVE-2015-1477 1 Cmsjunkie 1 J-classifiedsmanager 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads.
CVE-2015-1478 1 Cmsjunkie 1 J-classifiedsmanager 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds.