The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

vulnerability announce 25932

Joomla JS Jobs: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla JS Jobs, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 19/04/2018.
Identifiers: VIGILANCE-VUL-25932.

Description of the vulnerability

The JS Jobs extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla JS Jobs, in order to run JavaScript code in the context of the web site.

vulnerability bulletin 25873

Joomla Watchfulli SSO: security improvement

Synthesis of the vulnerability

The security of Joomla Watchfulli SSO was improved.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 1/4.
Creation date: 13/04/2018.
Identifiers: VIGILANCE-VUL-25873.

Description of the vulnerability

This bulletin is about a security improvement.

It does not describe a vulnerability.

The security of Joomla Watchfulli SSO was therefore improved.

computer vulnerability announce CVE-2018-10068

Joomla jDownloads: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla jDownloads, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 10/04/2018.
Identifiers: CVE-2018-10068, VIGILANCE-VUL-25827.

Description of the vulnerability

The jDownloads extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla jDownloads, in order to run JavaScript code in the context of the web site.

vulnerability alert 25801

Joomla VirtueMart: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla VirtueMart, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 09/04/2018.
Identifiers: VIGILANCE-VUL-25801.

Description of the vulnerability

The VirtueMart extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla VirtueMart, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2018-9183

Joomla JS Jobs: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla JS Jobs, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 30/03/2018.
Identifiers: CVE-2018-9183, VIGILANCE-VUL-25740.

Description of the vulnerability

The JS Jobs extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla JS Jobs, in order to run JavaScript code in the context of the web site.

computer vulnerability note 25599

Joomla Attachments: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla Attachments, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 20/03/2018.
Identifiers: VIGILANCE-VUL-25599.

Description of the vulnerability

The Joomla Attachments product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla Attachments, in order to read or alter data.

vulnerability 25570

Joomla Google Map Landkarten: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla Google Map Landkarten, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 16/03/2018.
Identifiers: VIGILANCE-VUL-25570.

Description of the vulnerability

The Joomla Google Map Landkarten product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla Google Map Landkarten, in order to read or alter data.

computer vulnerability note 25529

Joomla JomEstate: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla JomEstate, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 12/03/2018.
Identifiers: VIGILANCE-VUL-25529.

Description of the vulnerability

The Joomla JomEstate product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla JomEstate, in order to read or alter data.

computer vulnerability bulletin CVE-2018-5983

Joomla JQuickContact: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla JQuickContact, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 08/03/2018.
Identifiers: CVE-2018-5983, VIGILANCE-VUL-25498.

Description of the vulnerability

The Joomla JQuickContact product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla JQuickContact, in order to read or alter data.

computer vulnerability announce CVE-2018-6004

Joomla File Download Tracker: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla File Download Tracker, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 08/03/2018.
Identifiers: CVE-2018-6004, VIGILANCE-VUL-25497.

Description of the vulnerability

The Joomla File Download Tracker product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla File Download Tracker, in order to read or alter data.