The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

vulnerability 23270

Joomla IJSEO: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla IJSEO, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 17/07/2017.
Identifiers: VIGILANCE-VUL-23270.

Description of the vulnerability

The Joomla IJSEO product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla IJSEO, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin 23193

Joomla Akobook: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Akobook, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 11/07/2017.
Identifiers: VIGILANCE-VUL-23193.

Description of the vulnerability

The Akobook extension can be installed on Joomla.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla Akobook, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note 23119

Joomla EasySocial: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla EasySocial, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 03/07/2017.
Identifiers: VIGILANCE-VUL-23119.

Description of the vulnerability

The EasySocial extension can be installed on Joomla.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla EasySocial, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability 22850

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 29/05/2017.
Identifiers: VIGILANCE-VUL-22850.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce 22817

Joomla VideoFlow: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla VideoFlow, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 24/05/2017.
Identifiers: VIGILANCE-VUL-22817.

Description of the vulnerability

The Joomla VideoFlow product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla VideoFlow, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert 22636

Joomla com_tag: SQL injection via Tag

Synthesis of the vulnerability

An attacker can use a SQL injection via Tag of Joomla com_tag, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 03/05/2017.
Identifiers: VIGILANCE-VUL-22636.

Description of the vulnerability

The Joomla com_tag product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection via Tag of Joomla com_tag, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability 22620

Joomla JGrid: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla JGrid, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 02/05/2017.
Identifiers: VIGILANCE-VUL-22620.

Description of the vulnerability

The Joomla JGrid product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla JGrid, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin 22578

Joomla jDBexport: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla jDBexport, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 27/04/2017.
Identifiers: VIGILANCE-VUL-22578.

Description of the vulnerability

The jDBexport extension can be installed on Joomla.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla jDBexport, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin 22563

Joomla Myportfolio: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Myportfolio, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 26/04/2017.
Identifiers: VIGILANCE-VUL-22563.

Description of the vulnerability

The Joomla Myportfolio product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla Myportfolio, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert 22486

Joomla com_phocadownload: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla com_phocadownload, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 18/04/2017.
Identifiers: VIGILANCE-VUL-22486.

Description of the vulnerability

The Joomla com_phocadownload product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla com_phocadownload, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Joomla Extensions ~ not comprehensive: