cvebase

Joomsky Js Jobs vulnerabilities

8 known vulnerabilities affecting joomsky/js_jobs.

Total CVEs: 8
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 6

Vulnerabilities

CVE-2018-5994 | P2 | CRITICAL | CVSS 9.8 | PoC | v1.1.9 | 2018-02-17
CWE-89: SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
Source: nvd

CVE-2018-9183 | P4 | MEDIUM | CVSS 5.4 | PoC | fixed in 1.2.1 | 2018-04-02
CWE-79: The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS.
Source: nvd

CVE-2019-17527 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.2.7 | 2019-12-19
CWE-89: dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.
Source: nvd

CVE-2019-25740 | P3 | MEDIUM | CVSS 6.5 | v1.2.6 | 2026-06-04
CWE-22: Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.
Source: nvd

CVE-2025-22206 | P3 | MEDIUM | CVSS 4.7 | ≥ 1.1.5, ≤ 1.4.2 | 2025-02-04
CWE-89: A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.
Source: nvd

CVE-2025-22208 | P4 | MEDIUM | CVSS 4.7 | ≥ 1.1.5, ≤ 1.4.3 | 2025-02-15
CWE-89: A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature.
Source: nvd

CVE-2025-22209 | P4 | MEDIUM | CVSS 4.7 | ≥ 1.1.5, ≤ 1.4.3 | 2025-02-15
CWE-89: A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.
Source: nvd

CVE-2018-25327 | P4 | MEDIUM | CVSS 5.3 | v1.2.0 | 2026-05-17
CWE-352: Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attack
Source: nvd