An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla front-end integration with osTicket, a popular support ticket system. The Open Redirect vulnerability allows attackers to set the return parameter in the URL to a base64-encoded malicious URL.
Max CVSS: N/A | EPSS Score: 0.06% | Published: 2024-02-15 | Updated: 2024-02-16
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
Max CVSS: 4.3 | EPSS Score: 0.07% | Published: 2023-02-01 | Updated: 2023-02-09
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2020-07-15 | Updated: 2020-07-15
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
Max CVSS: 4.8 | EPSS Score: 0.18% | Published: 2019-01-16 | Updated: 2019-02-26
An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms.
Max CVSS: 4.3 | EPSS Score: 0.27% | Published: 2018-10-09 | Updated: 2019-10-03
An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.
Max CVSS: 4.3 | EPSS Score: 0.29% | Published: 2018-10-09 | Updated: 2019-10-03
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
Max CVSS: 4.7 | EPSS Score: 0.47% | Published: 2018-05-22 | Updated: 2018-06-22
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.
Max CVSS: 4.3 | EPSS Score: 0.21% | Published: 2018-05-22 | Updated: 2018-06-22
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack.
Max CVSS: 4.8 | EPSS Score: 0.27% | Published: 2018-05-22 | Updated: 2018-06-22
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
Max CVSS: 4.3 | EPSS Score: 0.18% | Published: 2017-11-10 | Updated: 2017-11-28
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
Max CVSS: 4.3 | EPSS Score: 0.47% | Published: 2017-09-20 | Updated: 2019-10-03
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 0.25% | Published: 2015-09-18 | Updated: 2016-12-08
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 3.71% | Published: 2014-10-08 | Updated: 2014-10-10
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 3.71% | Published: 2014-10-08 | Updated: 2014-10-10
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 0.15% | Published: 2014-10-08 | Updated: 2014-10-09
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
Max CVSS: 4.3 | EPSS Score: 0.70% | Published: 2014-01-26 | Updated: 2018-10-09
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Max CVSS: 4.3 | EPSS Score: 0.20% | Published: 2013-12-29 | Updated: 2016-12-31
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 3.71% | Published: 2013-05-03 | Updated: 2013-05-03
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 3.71% | Published: 2013-05-03 | Updated: 2013-05-03
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3 | EPSS Score: 3.71% | Published: 2013-05-03 | Updated: 2013-05-03
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
Max CVSS: 4.0 | EPSS Score: 0.11% | Published: 2013-05-03 | Updated: 2013-05-03
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
Max CVSS: 4.0 | EPSS Score: 0.91% | Published: 2013-05-03 | Updated: 2013-05-03
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
Max CVSS: 4.3 | EPSS Score: 0.42% | Published: 2012-11-11 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
Max CVSS: 4.3 | EPSS Score: 0.22% | Published: 2012-10-22 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.
Max CVSS: 4.3 | EPSS Score: 0.69% | Published: 2012-10-31 | Updated: 2012-11-01
60 vulnerabilities found