MidnightBSD

Advisories for joomlaboat

CVE-2013-5956 MEDIUM

Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
joomlaboat com_youtubegallery 3.4.0
CVE-2014-4960 HIGH

Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
joomlaboat com_youtubegallery 4.1.0
joomlaboat com_youtubegallery 3.9.8
joomlaboat com_youtubegallery 3.9.6
joomlaboat com_youtubegallery 3.9.9
joomlaboat com_youtubegallery 3.9.0
joomlaboat com_youtubegallery 4.1.4
joomlaboat com_youtubegallery 4.1.5
joomlaboat com_youtubegallery 3.9.5
joomlaboat com_youtubegallery 3.9.3
joomlaboat com_youtubegallery 3.9.4
joomlaboat com_youtubegallery 4.1.7
joomlaboat com_youtubegallery 3.9.7
joomlaboat com_youtubegallery 4.1.2
joomlaboat com_youtubegallery 4.1.3
joomlaboat com_youtubegallery 4.1.6
joomlaboat com_youtubegallery 4.0.2
joomlaboat com_youtubegallery 4.1.1
joomlaboat com_youtubegallery 4.0.1
joomlaboat com_youtubegallery 4.0.0
joomlaboat com_youtubegallery 3.9.2
joomlaboat com_youtubegallery 4.0.8
joomlaboat com_youtubegallery 4.0.9