The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

vulnerability 29480

Joomla YOOtheme ZOO: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla YOOtheme ZOO, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 06/06/2019.
Identifiers: VIGILANCE-VUL-29480.

Description of the vulnerability

An attacker can exploit a SQL injection in Joomla YOOtheme ZOO, in order to read or alter data.

vulnerability alert 29291

Joomla oziogallery: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla oziogallery, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 14/05/2019.
Identifiers: VIGILANCE-VUL-29291.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla oziogallery, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2018-18276

Joomla Web Filemanager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Web Filemanager, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 29/04/2019.
Identifiers: CVE-2018-18276, VIGILANCE-VUL-29152.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Web Filemanager, in order to run JavaScript code in the context of the web site.

vulnerability alert 29101

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Kunena, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 23/04/2019.
Identifiers: VIGILANCE-VUL-29101.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla Kunena, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2019-10909 CVE-2019-11358

jQuery, Symfony: Cross Site Scripting via templates

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via templates in Symfony, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, Drupal Core, Fedora, Grafana, IBM API Connect, Joomla Extensions ~ not comprehensive, openSUSE Leap, Red Hat SSO, SLES, Symfony, Synology DSM, TYPO3 Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-180, CVE-2019-10909, CVE-2019-11358, DLA-1777-1, DLA-1777-2, DLA-1778-1, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4434-1, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29070.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via templates in Symfony, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin 29028

Joomla JB Bus: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla JB Bus, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 11/04/2019.
Identifiers: VIGILANCE-VUL-29028.

Description of the vulnerability

An attacker can exploit a SQL injection in Joomla JB Bus, in order to read or alter data.

computer vulnerability announce 29027

Joomla Pinterest Clone Social Pinboard: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla Pinterest Clone Social Pinboard, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 11/04/2019.
Identifiers: VIGILANCE-VUL-29027.

Description of the vulnerability

An attacker can exploit a SQL injection in Joomla Pinterest Clone Social Pinboard, in order to read or alter data.

computer vulnerability bulletin 28858

Joomla AcyMailing: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla AcyMailing, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 26/03/2019.
Identifiers: VIGILANCE-VUL-28858.

Description of the vulnerability

The AcyMailing extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla AcyMailing, in order to run JavaScript code in the context of the web site.

vulnerability 28760

Joomla JEvents: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Joomla JEvents.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion.
Provenance: document.
Creation date: 18/03/2019.
Identifiers: VIGILANCE-VUL-28760.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Joomla JEvents.

computer vulnerability bulletin 28648

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Kunena, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 04/03/2019.
Identifiers: VIGILANCE-VUL-28648.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla Kunena, in order to run JavaScript code in the context of the web site.