The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
Various module chromes didn't properly process inputs, leading to XSS vectors.
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered.
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.
A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered.
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.
A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 for Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply
A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.
XSS vulnerability in DJ-HelpfulArticles component for Joomla.
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
Lack of input filtering leads to an XSS vector in the HTML filter code.
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
An unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered.
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 for Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jform[tags_text] par
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped.
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component