The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

vulnerability 28760

Joomla JEvents: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla JEvents.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion.
Provenance: document.
Creation date: 18/03/2019.
Identifiers: VIGILANCE-VUL-28760.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla JEvents.

computer vulnerability bulletin 28648

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 04/03/2019.
Identifiers: VIGILANCE-VUL-28648.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site.

vulnerability note 28594

Joomla Edocman: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Edocman, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 25/02/2019.
Identifiers: VIGILANCE-VUL-28594.

Description of the vulnerability

The Joomla Edocman product uses a database.

However, user-supplied data is inserted directly into an SQL query.

An attacker can therefore use a SQL injection of Joomla Edocman, in order to read or alter data.

computer vulnerability bulletin 28318

Joomla JoomCRM: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla JoomCRM, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 21/01/2019.
Identifiers: VIGILANCE-VUL-28318.

Description of the vulnerability

The Joomla JoomCRM product uses a database.

However, user-supplied data is inserted directly into an SQL query.

An attacker can therefore use a SQL injection of Joomla JoomCRM, in order to read or alter data.

computer vulnerability announce 28317

Joomla JoomProject: information disclosure via Json Format

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Json Format of Joomla JoomProject, in order to obtain sensitive information.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 21/01/2019.
Identifiers: VIGILANCE-VUL-28317.

Description of the vulnerability

An attacker can bypass access restrictions to data via Json Format of Joomla JoomProject, in order to obtain sensitive information.

computer vulnerability alert 28316

Joomla J-CruiseReservation: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla J-CruiseReservation, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 21/01/2019.
Identifiers: VIGILANCE-VUL-28316.

Description of the vulnerability

The Joomla J-CruiseReservation product uses a database.

However, user-supplied data is inserted directly into an SQL query.

An attacker can therefore use a SQL injection of Joomla J-CruiseReservation, in order to read or alter data.

vulnerability alert 28141

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 31/12/2018.
Identifiers: VIGILANCE-VUL-28141.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site.

vulnerability 27880

Joomla Music Collection: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Music Collection, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 26/11/2018.
Identifiers: VIGILANCE-VUL-27880.

Description of the vulnerability

An attacker can use a SQL injection of Joomla Music Collection, in order to read or alter data.

vulnerability 27860

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 21/11/2018.
Identifiers: VIGILANCE-VUL-27860.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin 27828

Joomla Jimtawl: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Jimtawl, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 19/11/2018.
Identifiers: VIGILANCE-VUL-27828.

Description of the vulnerability

The Joomla Jimtawl product uses a database.

However, user-supplied data is inserted directly into an SQL query.

An attacker can therefore use a SQL injection of Joomla Jimtawl, in order to read or alter data.