The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

vulnerability note 21714

Joomla JTAG Calendar: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla JTAG Calendar in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 30/01/2017.
Identifiers: VIGILANCE-VUL-21714.

Description of the vulnerability

The Joomla JTAG Calendar product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla JTAG Calendar in order to read or alter data.

vulnerability bulletin 21713

Joomla Store Locator: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Store Locator in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 30/01/2017.
Identifiers: VIGILANCE-VUL-21713.

Description of the vulnerability

The Store Locator extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla Store Locator in order to run JavaScript code in the context of the web site.

vulnerability 21570

Joomla RSMonials: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla RSMonials in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 12/01/2017.
Identifiers: VIGILANCE-VUL-21570.

Description of the vulnerability

The RSMonials extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla RSMonials in order to run JavaScript code in the context of the web site.

vulnerability bulletin 21513

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Kunena in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 04/01/2017.
Identifiers: VIGILANCE-VUL-21513.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla Kunena in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2016-10114

Joomla aWeb Cart Watching System for Virtuemart: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla aWeb Cart Watching System for Virtuemart in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 30/12/2016.
Identifiers: CVE-2016-10114, VIGILANCE-VUL-21486.

Description of the vulnerability

The Joomla aWeb Cart Watching System for Virtuemart product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla aWeb Cart Watching System for Virtuemart in order to read or alter data.

vulnerability alert 21481

Joomla JMS Support Online: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla JMS Support Online in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 29/12/2016.
Identifiers: VIGILANCE-VUL-21481.

Description of the vulnerability

The JMS Support Online extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla JMS Support Online in order to run JavaScript code in the context of the web site.

vulnerability bulletin 21473

Joomla com_blog_calendar: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla com_blog_calendar in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 29/12/2016.
Identifiers: VIGILANCE-VUL-21473.

Description of the vulnerability

The Joomla com_blog_calendar product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla com_blog_calendar in order to read or alter data.

vulnerability note 21414

Joomla com_rpl: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla com_rpl in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 19/12/2016.
Identifiers: VIGILANCE-VUL-21414.

Description of the vulnerability

The Joomla com_rpl product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla com_rpl in order to read or alter data.

computer vulnerability note 21299

Joomla JS Jobs: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla JS Jobs in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 07/12/2016.
Identifiers: VIGILANCE-VUL-21299.

Description of the vulnerability

The Joomla JS Jobs product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla JS Jobs in order to read or alter data.

vulnerability 21220

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Kunena in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 28/11/2016.
Identifiers: VIGILANCE-VUL-21220.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla Kunena in order to run JavaScript code in the context of the web site.