Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Stackideas.com

Source -

CNA

BOS Name -

N/A

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
4Vulnerabilities found
CVE-2026-21626
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-9.2||CRITICAL
EPSS-0.06% / 17.24%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 07:49
Updated-06 Feb, 2026 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Extension - stackideas.com - Information disclosure in post custom fields in EasyDiscuss 1.0.0-5.0.15 for Joomla

Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure

Action-Not Available
Vendor-Stackideas.com
Product-EasyDiscuss extension for Joomla
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-21625
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 15:06
Updated-30 Jan, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Extension - stackideas.com - Lack of mime type validation in EasyDiscuss component 1.0.0-5.0.15 for Joomla

User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.

Action-Not Available
Vendor-stackideasStackideas.com
Product-easydiscussEasyDiscuss extension for Joomla
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-21624
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-9.4||CRITICAL
EPSS-0.03% / 7.97%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 15:05
Updated-30 Jan, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla

Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.

Action-Not Available
Vendor-stackideasStackideas.com
Product-easydiscussEasyDiscuss extension for Joomla
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-21623
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-9.4||CRITICAL
EPSS-0.03% / 7.97%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 15:04
Updated-30 Jan, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla

Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla.

Action-Not Available
Vendor-stackideasStackideas.com
Product-easydiscussEasyDiscuss extension for Joomla
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')