JoobiCVEs & Vulnerabilities

7 CVEs affecting Joobi products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

jnews 3acajoom 2com jnews 2com jstore 1
CVE-2015-7342HIGH

JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.

9 Mar 2020
7.2
CVSS
CVE-2015-7341HIGH

JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

9 Mar 2020
8.8
CVSS
CVE-2015-7343MEDIUM

JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.

9 Mar 2020
4.8
CVSS
CVE-2013-1636MEDIUMpoc

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

12 Mar 2014
4.3
CVSS
CVE-2010-5286CRITICALpoc

Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

27 Nov 2012
10.0
CVSS
CVE-2012-4256MEDIUM

The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.

13 Aug 2012
5.0
CVSS
CVE-2008-1427HIGHpoc

SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.

20 Mar 2008
7.5
CVSS
← PrevPage 1 / 1Next →