Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

joobi

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

7
Related CVEsRelated ProductsRelated AssignersReports
0Vulnerabilities found
CVE-2015-7341
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.42% / 61.27%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 16:17
Updated-06 Aug, 2024 | 07:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

Action-Not Available
Vendor-joobin/a
Product-jnewsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2015-7342
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.54%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 16:16
Updated-06 Aug, 2024 | 07:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.

Action-Not Available
Vendor-joobin/a
Product-jnewsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-7343
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.24% / 46.30%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 13:39
Updated-06 Aug, 2024 | 07:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.

Action-Not Available
Vendor-joobin/a
Product-jnewsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-1636
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-11.82% / 93.45%
||
7 Day CHG-2.17%
Published-12 Mar, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

Action-Not Available
Vendor-civicrmjoobicaseproofn/a
Product-civicrmprettylinkscom_jnewsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-5286
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-32.16% / 96.67%
||
7 Day CHG~0.00%
Published-26 Nov, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Action-Not Available
Vendor-joobin/aJoomla!
Product-joomla\!com_jstoren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-4256
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-13 Aug, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.

Action-Not Available
Vendor-joobin/aJoomla!
Product-com_jnewsjoomla\!n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-1427
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.17%
||
7 Day CHG~0.00%
Published-20 Mar, 2008 | 18:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.

Action-Not Available
Vendor-joobin/aJoomla!
Product-com_acajoomacajoomn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')