Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Joomlaextensions

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2018-25337
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 2.93%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 12:11
Updated-18 May, 2026 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla JoomOCShop 1.0 Cross-Site Request Forgery

Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information or reset passwords without user consent.

Action-Not Available
Vendor-Joomlaextensions
Product-Joomla! extension JoomOCShop
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-25336
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.31%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 12:11
Updated-18 May, 2026 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery

Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page.

Action-Not Available
Vendor-Joomlaextensions
Product-Joomla! extension jCart for OpenCart
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-25330
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.8||HIGH
EPSS-0.03% / 10.35%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 12:11
Updated-18 May, 2026 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries.

Action-Not Available
Vendor-Joomlaextensions
Product-Joomla! extension EkRishta
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')