The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

threat bulletin 30167

Joomla jDownloads: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla jDownloads, in order to read or alter data.
Severity: 2/4.
Creation date: 26/08/2019.
Identifiers: VIGILANCE-VUL-30167.

Description of the vulnerability

The Joomla jDownloads product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla jDownloads, in order to read or alter data.

threat CVE-2019-15120

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Kunena, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 19/08/2019.
Identifiers: CVE-2019-15120, VIGILANCE-VUL-30084.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla Kunena, in order to run JavaScript code in the context of the web site.

security alert 30029

Joomla JS Support Ticket: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla JS Support Ticket, in order to read or alter data.
Severity: 2/4.
Creation date: 13/08/2019.
Identifiers: VIGILANCE-VUL-30029.

Description of the vulnerability

The Joomla JS Support Ticket product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla JS Support Ticket, in order to read or alter data.

vulnerability note 30028

Joomla JS Support Ticket: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories in Joomla JS Support Ticket, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 13/08/2019.
Identifiers: VIGILANCE-VUL-30028.

Description of the vulnerability

An attacker can traverse directories in Joomla JS Support Ticket, in order to read a file outside the service root path.

weakness note 30017

Joomla Easy Discuss: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla Easy Discuss, in order to read or alter data.
Severity: 2/4.
Creation date: 12/08/2019.
Identifiers: VIGILANCE-VUL-30017.

Description of the vulnerability

The Joomla Easy Discuss product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla Easy Discuss, in order to read or alter data.

weakness announce 29480

Joomla YOOtheme ZOO: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla YOOtheme ZOO, in order to read or alter data.
Severity: 2/4.
Creation date: 06/06/2019.
Identifiers: VIGILANCE-VUL-29480.

Description of the vulnerability

An attacker can exploit a SQL injection in Joomla YOOtheme ZOO, in order to read or alter data.

weakness alert 29291

Joomla oziogallery: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla oziogallery, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 14/05/2019.
Identifiers: VIGILANCE-VUL-29291.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla oziogallery, in order to run JavaScript code in the context of the web site.

security weakness CVE-2018-18276

Joomla Web Filemanager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Web Filemanager, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 29/04/2019.
Identifiers: CVE-2018-18276, VIGILANCE-VUL-29152.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Web Filemanager, in order to run JavaScript code in the context of the web site.

computer weakness 29101

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Kunena, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 23/04/2019.
Identifiers: VIGILANCE-VUL-29101.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla Kunena, in order to run JavaScript code in the context of the web site.

computer threat bulletin CVE-2019-10909 CVE-2019-11358

jQuery, Symfony: Cross Site Scripting via templates

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via templates in Symfony, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/04/2019.
Identifiers: bulletinoct2019, CERTFR-2019-AVI-180, cpuoct2019, CVE-2019-10909, CVE-2019-11358, DLA-1777-1, DLA-1777-2, DLA-1778-1, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4434-1, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29070.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via templates in Symfony, in order to run JavaScript code in the context of the web site.