Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 3.10.11  Security Vulnerabilities
CVE-2024-26279
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-07-09
CVE-2024-21731
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-07-09
CVE-2024-26278
The Custom Fields component not correctly filter inputs, leading to a XSS vector.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-07-09
CVE-2024-21724
Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-02-29
CVE-2023-40626
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-11-29
CVE-2015-4654
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18
CVE-2013-5955
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-03-19
CVE-2013-5953
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-03-19
CVE-2013-5952
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-03-19
CVE-2014-0793
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.
CVSS Score
4.3
EPSS Score
0.006
Published
2014-01-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved