Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4256 2 Joobi, Joomla 2 Com Jnews, Joomla\! 2017-08-28 5.0 MEDIUM N/A
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.
CVE-2012-5455 1 Joomla 1 Joomla\! 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
CVE-2012-5230 2 Harmistechnology, Joomla 2 Com Jesubmit, Joomla\! 2017-08-28 7.5 HIGH N/A
Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.
CVE-2012-6503 2 Joomla, Ninjaforge 2 Joomla\!, Com Ninjaxplorer 2017-08-28 10.0 HIGH N/A
Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
CVE-2012-3828 1 Joomla 1 Joomla\! 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
CVE-2012-1117 1 Joomla 1 Joomla\! 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2748 1 Joomla 1 Joomla\! 2017-08-28 5.0 MEDIUM N/A
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."
CVE-2012-1018 2 Dmackmedia, Joomla 2 Mod Currencyconverter, Joomla\! 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter.
CVE-2012-2902 2 Joomla, Ryan Demmer 2 Joomla\!, Joomla Content Editor 2017-08-28 6.0 MEDIUM N/A
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.
CVE-2012-1116 1 Joomla 1 Joomla\! 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2413 1 Joomla 1 Joomla\! 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.
CVE-2012-2901 2 Joomla, Ryan Demmer 2 Joomla\!, Joomla Content Editor 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.
CVE-2011-4571 2 Eaimproved, Joomla 2 Com Estateagent, Joomla\! 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
CVE-2011-5099 2 Chillcreations, Joomla 2 Mod Ccnewsletter, Joomla\! 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-4570 2 Joomla, Takeaweb 2 Joomla\!, Com Timereturns 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
CVE-2011-5148 2 Joomla, Wasen 2 Joomla\!, Mod Simplefileupload 2017-08-28 6.8 MEDIUM N/A
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.
CVE-2010-4991 2 Joomla, Ninjaforge 2 Joomla\!, Ninjamonials 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to index.php.
CVE-2010-4994 2 Instantphp, Joomla 2 Jobs Pro, Joomla\! 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html.
CVE-2010-4862 2 Harmistechnology, Joomla 2 Com Jedirectory, Joomla\! 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
CVE-2010-4949 2 Evnix, Joomla 3 Freichat, Freichatpure, Joomla\! 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.