Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7343 | 1 Joobi | 1 Jnews | 2020-03-10 | 3.5 LOW | 4.8 MEDIUM |
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. | |||||
CVE-2015-7341 | 1 Joobi | 1 Jnews | 2020-03-10 | 6.5 MEDIUM | 8.8 HIGH |
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. | |||||
CVE-2015-7342 | 1 Joobi | 1 Jnews | 2020-03-10 | 6.5 MEDIUM | 7.2 HIGH |
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. |