MidnightBSD

Advisories for joobi

CVE-2013-1636 MEDIUM

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
civicrm civicrm 4.1.0
civicrm civicrm 3.2.5
blair_williams pretty_link_lite *
civicrm civicrm 3.1.0
civicrm civicrm 3.3.2
blair_williams pretty_link_lite 1.6.1
civicrm civicrm 4.1.5
caseproof prettylinks *
civicrm civicrm 3.1.6
civicrm civicrm 3.2.3
civicrm civicrm 3.1.1
civicrm civicrm 4.3.1
civicrm civicrm 4.1.6
civicrm civicrm 4.2.0
civicrm civicrm 3.3.6
civicrm civicrm 4.3.0
civicrm civicrm 4.3.2
civicrm civicrm 3.1.3
civicrm civicrm 3.2.2
civicrm civicrm 4.2.1
civicrm civicrm 4.2.8
civicrm civicrm 4.3.3
civicrm civicrm 3.2.1
civicrm civicrm 3.3.1
civicrm civicrm 4.2.9
civicrm civicrm 3.3.0
civicrm civicrm 3.4.0
civicrm civicrm 4.1.2
civicrm civicrm 3.2.0
civicrm civicrm 3.3.5
civicrm civicrm 4.0.5
civicrm civicrm 3.2.4
joobi com_jnews 8.0.1
civicrm civicrm 4.1.4
caseproof prettylinks 1.6.1
civicrm civicrm 4.2.6
civicrm civicrm 4.1.3
caseproof prettylinks 1.6.0
civicrm civicrm 4.2.7
civicrm civicrm 3.1.2
civicrm civicrm 3.1.4
civicrm civicrm 4.2.2
civicrm civicrm 4.1.1
civicrm civicrm 4.2.4
civicrm civicrm 3.3.3
blair_williams pretty_link_lite 1.6.0
civicrm civicrm 3.1.5
civicrm civicrm 4.2.5
CVE-2015-7341 MEDIUM

JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
joobi jnews *
CVE-2015-7342 MEDIUM

JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
joobi jnews *
CVE-2015-7343 LOW

JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
joobi jnews 8.3.1