Search Results (55 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-54299 2 Joomla, Nobossextensions 2 Joomla!, No Boss Testimonials Component 2026-04-15 N/A
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
CVE-2025-54301 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped.
CVE-2025-54298 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.
CVE-2025-40636 1 Joomla 3 Joomla, Joomla!, Mod Vvisit Counter 2026-04-15 N/A
SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts visits.
CVE-2025-54473 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.
CVE-2025-54474 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
CVE-2025-54300 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.
CVE-2026-21632 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 5.4 Medium
Lack of output escaping for article titles leads to XSS vectors in various locations.
CVE-2026-21631 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 5.4 Medium
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-23899 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 8.8 High
An improper access check allows unauthorized access to webservice endpoints.
CVE-2026-21629 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 7.3 High
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
CVE-2026-23898 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 7.2 High
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.
CVE-2026-21630 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 8.8 High
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
CVE-2025-63083 1 Joomla 3 Joomla, Joomla!, Joomla\! 2026-01-30 6.1 Medium
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
CVE-2025-63082 1 Joomla 3 Joomla, Joomla!, Joomla\! 2026-01-30 6.1 Medium
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.