Joomla! vulnerabilities
276 known vulnerabilities affecting joomla/joomla_!.
Total CVEs: 276
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 6
Severity breakdown: CRITICAL 30, HIGH 68, MEDIUM 176, LOW 2
Vulnerabilities
Page 12 of 14
CVE-2013-3267 [MEDIUM] CVSS 4.3 | CWE-79 | v2.5.0, v2.5.1 +12 more | 2013-05-03
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-1453 [HIGH] CVSS 7.5 | PoC | v2.5.0, v2.5.1 +10 more | 2013-02-13
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowe
nvd
CVE-2013-1455 [MEDIUM] CVSS 5.0 | CWE-200 | v3.0.0, v3.0.1 | 2013-02-13
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
nvd
CVE-2013-1454 [MEDIUM] CVSS 5.0 | CWE-200 | v3.0.0, v3.0.1 +1 more | 2013-02-13
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
nvd
CVE-2012-1598 [HIGH] CVSS 7.5 | CWE-264 | v1.5.0, v1.5.1 +24 more | 2012-12-03
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
nvd
CVE-2012-1599 [MEDIUM] CVSS 5.0 | CWE-264 | v1.5.0, v1.5.1 +24 more | 2012-12-03
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
nvd
CVE-2012-5827 [MEDIUM] CVSS 4.3 | v2.5.0, v2.5.1 +6 more | 2012-11-11
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
nvd
CVE-2012-4531 [MEDIUM] CVSS 4.3 | CWE-79 | v2.5.0, v2.5.1 +5 more | 2012-10-31
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-4532 [MEDIUM] CVSS 4.3 | CWE-79 | v2.5.0, v2.5.1 +5 more | 2012-10-31
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.
nvd
CVE-2012-5455 [MEDIUM] CVSS 4.3 | CWE-79 | v3.0.0 | 2012-10-22
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."
nvd
CVE-2011-4911 [MEDIUM] CVSS 5.0 | CWE-20 | ≤ 1.5.11, v1.5.0 +10 more | 2012-10-07
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
nvd
CVE-2011-4910 [MEDIUM] CVSS 4.3 | CWE-79 | ≤ 1.5.11, v1.5.0 +10 more | 2012-10-07
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
nvd
CVE-2011-4909 [MEDIUM] CVSS 4.3 | PoC | CWE-79 | ≤ 1.5.11, v1.5.0 +10 more | 2012-10-07
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.p
nvd
CVE-2012-1116 [HIGH] CVSS 7.5 | PoC | CWE-89 | v1.7.0, v1.7.1 +6 more | 2012-09-26
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2012-1117 [MEDIUM] CVSS 4.3 | CWE-79 | v2.5.0, v2.5.1 | 2012-09-26
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-0819 [MEDIUM] CVSS 5.0 | v1.6, v1.6.0 +9 more | 2012-09-06
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.
nvd
CVE-2012-0835 [MEDIUM] CVSS 5.0 | v1.7.0, v1.7.1 +4 more | 2012-09-06
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."
nvd
CVE-2012-1611 [MEDIUM] CVSS 5.0 | v2.5.0, v2.5.1 +2 more | 2012-09-06
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
nvd
CVE-2012-0820 [MEDIUM] CVSS 4.3 | CWE-79 | v1.6, v1.6.0 +9 more | 2012-09-06
Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.
nvd
CVE-2012-0821 [MEDIUM] CVSS 5.0 | v1.6, v1.6.0 +9 more | 2012-09-06
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.
nvd