JoomskyCVEs & Vulnerabilities

31 CVEs affecting Joomsky products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

js help desk 12js job manager 11js jobs 6js autoz 1js support ticket 1
CVE-2025-58234MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Job Manager js-jobs allows Stored XSS.This issue affects JS Job Manager: from n/a through <= 2.0.2.

22 Sep 2025
5.4
CVSS
CVE-2025-32660CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects JS Job Manager: from n/a through <= 2.0.2.

17 Apr 2025
9.8
CVSS
CVE-2025-32626CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager js-jobs allows SQL Injection.This issue affects JS Job Manager: from n/a through <= 2.0.2.

17 Apr 2025
9.8
CVSS
CVE-2025-32627HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2.

11 Apr 2025
8.1
CVSS
CVE-2025-32146HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2.

4 Apr 2025
8.8
CVSS
CVE-2025-31868MEDIUM

Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.

1 Apr 2025
5.3
CVSS
CVE-2025-31867MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.

1 Apr 2025
5.4
CVSS
CVE-2025-30901HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This issue affects JS Help Desk: from n/a through <= 2.9.2.

1 Apr 2025
8.1
CVSS
CVE-2025-30886CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows SQL Injection.This issue affects JS Help Desk: from n/a through <= 2.9.2.

1 Apr 2025
10.0
CVSS
CVE-2025-30882HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a through <= 2.9.1.

1 Apr 2025
7.5
CVSS
CVE-2025-30880HIGH

Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 2.9.2.

1 Apr 2025
7.5
CVSS
CVE-2025-30878CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a through <= 2.9.2.

1 Apr 2025
9.1
CVSS
CVE-2025-22209MEDIUM

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.

15 Feb 2025
4.7
CVSS
CVE-2025-22208MEDIUM

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature.

15 Feb 2025
4.7
CVSS
CVE-2025-22206MEDIUM

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.

4 Feb 2025
4.7
CVSS
CVE-2022-46840MEDIUM

Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

13 Dec 2024
5.4
CVSS
CVE-2022-46838CRITICAL

Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

13 Dec 2024
9.1
CVSS
CVE-2023-28689MEDIUM

Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0.

9 Dec 2024
6.5
CVSS
CVE-2024-51670MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Help Desk js-support-ticket allows Stored XSS.This issue affects JS Help Desk: from n/a through <= 2.8.7.

9 Nov 2024
4.8
CVSS
CVE-2024-43274CRITICAL

Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6.

1 Nov 2024
9.8
CVSS
CVE-2023-25444CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7.

17 May 2024
9.1
CVSS
CVE-2022-47151HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

17 Apr 2024
8.6
CVSS
CVE-2023-31087HIGH

Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.

9 Nov 2023
8.8
CVSS
CVE-2023-25963MEDIUM

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.

16 Jun 2023
4.8
CVSS
CVE-2019-17527CRITICAL

dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.

20 Dec 2019
9.8
CVSS
CVE-2018-21002HIGH

The js-support-ticket plugin before 2.0.6 for WordPress has CSRF.

27 Aug 2019
8.8
CVSS
CVE-2018-20974HIGH

The js-jobs plugin before 1.0.7 for WordPress has CSRF.

17 Aug 2019
8.8
CVSS
CVE-2018-9183MEDIUMpoc

The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS.

2 Apr 2018
5.4
CVSS
CVE-2018-6006CRITICALpoc

SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.

17 Feb 2018
9.8
CVSS
CVE-2018-5994CRITICALpoc

SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.

17 Feb 2018
9.8
CVSS
CVE-2018-6007HIGHpoc

CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.

29 Jan 2018
8.8
CVSS
← PrevPage 1 / 1Next →