MidnightBSD

Advisories for virtuemart

CVE-2005-4829 HIGH

VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
virtuemart virtuemart *
CVE-2006-6945 HIGH

SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
virtuemart virtuemart 1.0.7
CVE-2007-0376 MEDIUM

Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
virtuemart virtuemart 1.0.7
CVE-2007-1096 MEDIUM

Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
virtuemart virtuemart *
CVE-2015-3619 LOW

Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company."

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
virtuemart virtuemart *
CVE-2016-10379 MEDIUM

The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
virtuemart virtuemart 3.0.14
CVE-2018-7465 LOW

An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
virtuemart virtuemart *
CVE-2025-25228

A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5

Products Affected

Vendor Product Version
virtuemart virtuemart *