cvebase

Stackideas Easydiscuss vulnerabilities

6 known vulnerabilities affecting stackideas/easydiscuss.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 3

Vulnerabilities

CVE-2026-21625 | P3 | HIGH | CVSS 8.8 | ≥ 1.0.0, ≤ 5.0.15 | 2026-01-16
CVE-2026-21625 [HIGH] CWE-434: User-provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are checked purely by file extension; no MIME type checks are performed.
nvd
CVE-2018-5263 | P4 | MEDIUM | CVSS 5.4 | PoC | fixed in 4.0.21 | 2018-01-08
CVE-2018-5263 [MEDIUM] CWE-79: The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.
nvd
CVE-2023-51810 | P3 | HIGH | CVSS 7.5 | ≥ 5.0.5, < 5.0.10 | 2024-01-16
CVE-2023-51810 [HIGH] CWE-89: SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.
nvd
CVE-2026-21626 | P3 | HIGH | CVSS 7.5 | ≥ 1.0.0, ≤ 5.0.15 | 2026-02-06
CVE-2026-21626 [HIGH] CWE-200: Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure
nvd
CVE-2026-21623 | P4 | MEDIUM | CVSS 5.4 | ≥ 1.0.0, ≤ 5.0.15 | 2026-01-16
CVE-2026-21623 [MEDIUM] CWE-79: Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla.
nvd
CVE-2026-21624 | P4 | MEDIUM | CVSS 5.4 | ≥ 1.0.0, ≤ 5.0.15 | 2026-01-16
CVE-2026-21624 [MEDIUM] CWE-79: Lack of input filtering leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
nvd