{"success":true,"data":{"api_version":"1.0","api_version_name":"Chuckles","timestamp":"2024-07-15T22:55:22+00:00","license":"GNU\/GPL","items":[{"id":"814","title":"Advanced custom fields, 2.7.7, SQL Injection","description":"<p>Version: Old 2.8.2 \/ New 2.8.3<\/p>\r\n<p>Update details: Improved sanitization\/escaping of custom field values in v2.8.3<\/p>\r\n<p>Update URL: https:\/\/www.tassos.gr\/releases\/advanced-custom-fields\/advanced-custom-fields-2-8-3?format=htmlChangelog<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/advanced-custom-fields\/","created":"2024-06-30T00:00:00+00:00","modified":"2024-07-15T22:55:22+00:00","statusText":"Live"},{"id":"813","title":"Phoca Gallery, 5.0.0, XSS (Cross Site Scripting)","description":"<p>Update to 4.4.3, 4.5.0,5.0.1<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/phoca-gallery\/","created":"2024-06-30T00:00:00+00:00","modified":"2024-07-10T19:21:17+00:00","statusText":"Live"},{"id":"792","title":"Virtual Classroom, , SQL Injection","description":"<p>Developer release blog<br \/>https:\/\/blog.braincert.com\/virtual-classroom-security-release-elevate-your-online-learning-on-wordpress-and-joomla\/<\/p>","status":"2","created":"2023-07-07T00:00:00+00:00","modified":"2024-03-12T16:27:18+00:00","statusText":"Resolved"},{"id":"810","title":"osTicky2, , Other","description":"<p>This extension is abandoned and should be removed from your site<\/p>","status":"1","created":"2024-02-15T00:00:00+00:00","modified":"2024-03-03T22:46:19+00:00","statusText":"Live"},{"id":"801","title":"bagallery , , Other","description":"<p>Developer statement<br \/>Old 1.1 \/ New 1.2<\/p>\r\n<p>Update details: We have thoroughly tested all the code in our component to ensure it is free of any security issues.<\/p>\r\n<p>Update URL: 
https:\/\/bestaddon.com\/product\/ba-gallery\/Changelog<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/ba-gallery\/","created":"2023-07-25T00:00:00+00:00","modified":"2024-03-03T22:21:17+00:00","statusText":"Resolved"},{"id":"808","title":"LazyDbBackup, 3.9.0, Other","description":"<h2>LazyDbBackup<\/h2>\r\n<dl>\r\n<dt>Version:<\/dt>\r\n\u00a0\r\n<dd>4.0.8<\/dd>\r\n\u00a0\r\n<dt><\/dt>\r\n<\/dl>\r\n<div id=\"gtx-trans\" style=\"position: absolute; left: -18px; top: 74.75px;\">\u00a0<\/div>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/lazydbbackup\/","created":"2023-09-18T00:00:00+00:00","modified":"2023-10-19T23:55:00+00:00","statusText":"Live"},{"id":"809","title":"EasyShop, 1.4.1, XSS (Cross Site Scripting)","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/easy-shop\/","created":"2023-09-22T00:00:00+00:00","modified":"2023-10-19T23:48:17+00:00","statusText":"Live"},{"id":"775","title":"Creative Gallery, , SQL Injection","status":"1","created":"2023-05-04T00:00:00+00:00","modified":"2023-08-22T15:16:13+00:00","statusText":"Live"},{"id":"790","title":" Plugin Creative Gallery , , SQL Injection","status":"1","created":"2023-07-07T00:00:00+00:00","modified":"2023-08-22T15:16:06+00:00","statusText":"Live"},{"id":"796","title":"admirror gallery, , XSS (Cross Site Scripting)","status":"1","cve_id":"CVE-2023-38045","created":"2023-07-12T00:00:00+00:00","modified":"2023-08-22T15:11:49+00:00","statusText":"Live"},{"id":"804","title":"acymailing, pre 8.7.0 , Other","description":"<p>acymailing, pre 8.7.0 ,\u00a0 Other\u00a0 multiple<\/p>","status":"1","risk_level":"very high","created":"2023-08-18T00:00:00+00:00","modified":"2023-08-18T20:24:33+00:00","statusText":"Live"},{"id":"803","title":"Solidres, 2.13.3, hub plugin XSS (Cross Site Scripting)","description":"<p><a 
href=\"https:\/\/www.solidres.com\/forum\/report-bugs\/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss\">https:\/\/www.solidres.com\/forum\/report-bugs\/12031-vulnerability-joomla-solidres-2-13-3-reflected-xss<\/a><\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/vertical-markets\/booking-a-reservations\/solidres\/","created":"2023-07-30T00:00:00+00:00","modified":"2023-08-01T19:52:51+00:00","statusText":"Live"},{"id":"749","title":"EDocman, 1.23.3, XSS (Cross Site Scripting)","description":"<p>developer update<br \/><a href=\"https:\/\/joomdonation.com\/forum\/edocman\/75400-01st-august-2023-new-version-1-24-7-xss-issue-fixed.html\">https:\/\/joomdonation.com\/forum\/edocman\/75400-01st-august-2023-new-version-1-24-7-xss-issue-fixed.html<\/a><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/edocman\/","update_notice":"https:\/\/joomdonation.com\/forum\/edocman\/75400-01st-august-2023-new-version-1-24-7-xss-issue-fixed.html","created":"2022-09-29T00:00:00+00:00","modified":"2023-08-01T16:27:46+00:00","statusText":"Resolved"},{"id":"802","title":"Admiror Gallery, , XSS (Cross Site Scripting)","status":"1","created":"2023-07-25T00:00:00+00:00","modified":"2023-07-25T19:34:13+00:00","statusText":"Live"},{"id":"799","title":"quickform, , Other","description":"<p>Developer states exploit is \"hack yourself\" scenario<\/p>","status":"2","created":"2023-07-12T00:00:00+00:00","modified":"2023-07-24T20:48:39+00:00","statusText":"Resolved"},{"id":"797","title":"JC Dashboards, 1.3.10, Other","description":"<p>JCDashboards updated latest version V1.3.31 as this includes a fix for a possible security leak should your linux server not be configured correctly in certain circumstances.<\/p>\r\n<p>\u00a0<\/p>\r\n<table border=\"0\" cellspacing=\"0\"><colgroup span=\"2\" width=\"85\"><\/colgroup>\r\n<tbody>\r\n<tr>\r\n<td align=\"left\" valign=\"bottom\" height=\"32\">changelog<\/td>\r\n<td align=\"left\" valign=\"bottom\">Download 
url<\/td>\r\n<\/tr>\r\n<tr>\r\n<td align=\"left\" valign=\"bottom\" height=\"241\">https:\/\/joomcode.com\/jcmedia\/com_jcdashboards\/version_history.html<\/td>\r\n<td align=\"left\" valign=\"bottom\">https:\/\/joomcode.com\/index.php\/download\/category\/7-jc-dashboards?download=11:jc-dashboards-free<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<p>\u00a0<\/p>","status":"2","patch_version":"1.3.1","update_notice":"https:\/\/joomcode.com\/index.php\/jc-forum\/announcements\/30-security-updated-for-jcdashboards","created":"2023-07-12T00:00:00+00:00","modified":"2023-07-24T20:39:09+00:00","statusText":"Resolved"},{"id":"786","title":"one vote, 1.7, XSS (Cross Site Scripting)","status":"1","created":"2023-06-27T00:00:00+00:00","modified":"2023-06-27T18:42:26+00:00","statusText":"Live"},{"id":"783","title":"HikaShop Joomla Plugin, , SQL Injection","description":"<p><span style=\"color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;\">anyone with access to the order management in the backend of HikaShop to be able to use a MySQL injection to extract data from the database.<\/span><br style=\"margin: 0px; padding: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: 
#ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;\" \/><span style=\"color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;\">\"payment methods\" restriction setting to custom fields of the \"order\" table in HikaShop 4.4.1, so prior versions of HikaShop are not impacted.<\/span><\/p>\r\n<p>\u00a0<\/p>\r\n<p>https:\/\/www.hikashop.com\/home\/blog\/501-hikashop-important-2023.html<\/p>","status":"1","start_version":"4.4.1","vulnerable_version":"4.4.1","update_notice":"https:\/\/www.hikashop.com\/home\/blog\/501-hikashop-important-2023.html","created":"2023-06-01T00:00:00+00:00","modified":"2023-06-01T18:07:23+00:00","statusText":"Live"},{"id":"771","title":"Visforms Base Package for Joomla!, 4, SQL Injection","description":"<ul style=\"padding: 0px; margin: 0px 0px 10px 25px; color: #312546; font-family: Arial, 'Helvetica Neue', Helvetica, sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;\">\r\n<li style=\"line-height: 20px;\">Project: Visforms f\u00fcr <strong>Joomla 3<\/strong><\/li>\r\n<li style=\"line-height: 20px;\">Extension: com_visforms<\/li>\r\n<li 
style=\"line-height: 20px;\">Impact: Critical<\/li>\r\n<li style=\"line-height: 20px;\">Severity: High<\/li>\r\n<li style=\"line-height: 20px;\">Probability: Unknown<\/li>\r\n<li style=\"line-height: 20px;\"><strong>Versions: 3.8.0 - 3.14.10<\/strong><\/li>\r\n<li style=\"line-height: 20px;\">Exploit type: SQL Injection<\/li>\r\n<li style=\"line-height: 20px;\">Reported Date: 2023-04-16<\/li>\r\n<li style=\"line-height: 20px;\">Fixed Date: 2023-04-19<\/li>\r\n<li style=\"line-height: 20px;\">CVE Number:\u00a0<a style=\"color: #6989f2; text-decoration: none;\" href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-23753\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2023-23753<\/a><\/li>\r\n<\/ul>\r\n<h3 style=\"margin: 10px 0px; font-family: Ubuntu, Helvetica, sans-serif; font-weight: bold; line-height: 20px; color: #312546; text-rendering: optimizelegibility; font-size: 17.5px; text-decoration: underline; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff;\">Description<\/h3>\r\n<p style=\"margin: 0px 0px 10px; color: #312546; font-family: Arial, 'Helvetica Neue', Helvetica, sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;\">An improper use of input filter allows SQL-Injection.<\/p>\r\n<h3 style=\"margin: 10px 0px; font-family: Ubuntu, Helvetica, sans-serif; font-weight: bold; line-height: 20px; color: #312546; text-rendering: 
optimizelegibility; font-size: 17.5px; text-decoration: underline; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff;\">Affected Installs<\/h3>\r\n<ul style=\"padding: 0px; margin: 0px 0px 10px 25px; color: #312546; font-family: Arial, 'Helvetica Neue', Helvetica, sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;\">\r\n<li style=\"line-height: 20px;\"><strong>com_visforms versions 3.8.0 - 3.14.10.<\/strong><\/li>\r\n<li style=\"line-height: 20px;\">Visforms Base Package 3.0.0 - 3.0.4 (Since version 3.14.6 com_visforms is part of the Visforms Base Package)<\/li>\r\n<\/ul>","status":"2","jed":"https:\/\/vi-solutions.de\/en\/send-request","cve_id":"CVE-2023-23753","created":"2023-04-11T00:00:00+00:00","modified":"2023-04-19T14:27:49+00:00","statusText":"Resolved"},{"id":"766","title":"JoomGallery, 3.6.1, SQL Injection","description":"<p><span style=\"text-decoration: underline;\"><br \/><\/span>Vulnerability Type: 3rd party extension - SQL Injection<\/p>\r\n<p>Version: Old 3.6.1 \/ New 3.6.2<\/p>\r\n<p>Update details: Fix vulnerability type SQL Injection.<\/p>\r\n<p>Update URL: <a href=\"https:\/\/www.en.joomgalleryfriends.net\/news-3-6-2.html\">https:\/\/www.en.joomgalleryfriends.net\/news-3-6-2.html<\/a><\/p>\r\n<p>Changelog URL: <a 
href=\"https:\/\/github.com\/JoomGalleryfriends\/JoomGallery\/blob\/master\/administrator\/components\/com_joomgallery\/changelog.xml\">https:\/\/github.com\/JoomGalleryfriends\/JoomGallery\/blob\/master\/administrator\/components\/com_joomgallery\/changelog.xml<\/a><\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/joomgallery\/","risk_level":"medium","vulnerable_version":"3.6.1","patch_version":"3.6.2","update_notice":"https:\/\/www.en.joomgalleryfriends.net\/news-3-6-2.html","created":"2023-03-23T00:00:00+00:00","modified":"2023-03-28T12:36:36+00:00","statusText":"Resolved"},{"id":"765","title":"J-BusinessDirectory, 5.7.7 and prior, Other","description":"<p>In the J-BusinessDirectory version 5.8.3 we have updated guzzlehttp to the latest version, 7.5.0 and to PSR 2.1.5.<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/j-businessdirectory\/","patch_version":"5.8.3","created":"2023-02-07T00:00:00+00:00","modified":"2023-03-10T08:33:23+00:00","statusText":"Resolved"},{"id":"762","title":" LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login , 5.0.2, Other","description":"<p>Other : 5.0.2 Exploit <br \/>Check developer for new releases<\/p>","status":"2","risk_level":"small","start_version":"5.0.2","vulnerable_version":"5.0.2","patch_version":"6.0","created":"2022-12-27T00:00:00+00:00","modified":"2023-01-15T13:59:38+00:00","statusText":"Resolved"},{"id":"756","title":"JKassa, 2.0.0, SQL Injection","description":"<p>JKassa, 2.0.0,\u00a0 SQL Injection<\/p>\r\n<p>Update to latest version https:\/\/jkassa.com\/en\/extensions\/jkassa.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jkassa\/","created":"2022-10-01T00:00:00+00:00","modified":"2022-11-04T20:01:51+00:00","statusText":"Resolved"},{"id":"754","title":"JoomRecipe, 4.2.2, XSS (Cross Site 
Scripting)","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/joomrecipe\/","vulnerable_version":"4.2.2","patch_version":"4.2.4","created":"2022-09-30T00:00:00+00:00","modified":"2022-10-02T19:16:57+00:00","statusText":"Live"},{"id":"752","title":"jCart for OpenCart, jCart for OpenCart 3.0.3.19, XSS (Cross Site Scripting)","description":"<p>Here is the link on our site: <a class=\"moz-txt-link-freetext\" href=\"https:\/\/extensions.soft-php.com\/support\/latest-news\/79-joocart-jcart-30325-release-notice.html\">https:\/\/extensions.soft-php.com\/support\/latest-news\/79-joocart-jcart-30325-release-notice.html<\/a> <\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/jcart-for-opencart\/","patch_version":"3.0.3.25","created":"2022-09-30T00:00:00+00:00","modified":"2022-10-02T19:15:08+00:00","statusText":"Live"},{"id":"737","title":"Ijoomla Guru, Various","status":"2","created":"2021-12-17T00:00:00+00:00","modified":"2022-07-08T10:27:44+00:00","statusText":"Resolved"},{"id":"743","title":"JUX Timetable, 1.0.4, SQL Injection","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jux-timetable\/","created":"2022-06-03T00:00:00+00:00","modified":"2022-07-08T09:58:04+00:00","statusText":"Resolved"},{"id":"747","title":"JUX Timetable x","description":"<p>JUX TimetableVersion: Old 1.0.4 \/ New 1.0.5<\/p>\r\n<p>\u00a0<\/p>\r\n<p>Update URL: <a href=\"extension\/jux-timetable\/\">https:\/\/extensions.joomla.org\/extension\/jux-timetable\/<\/a><\/p>\r\n<p>Download URL: <a href=\"https:\/\/demo.joomlaux.com\/download\/pkg_jux_timetable.zip\">https:\/\/demo.joomlaux.com\/download\/pkg_jux_timetable.zip <\/a><\/p>\r\n<p>\u00a0<\/p>","status":"2","vulnerable_version":"1.0.4","patch_version":"1.0.5","update_notice":"https:\/\/extensions.joomla.org\/extension\/jux-timetable\/","created":"2022-07-07T00:00:00+00:00","modified":"2022-07-08T09:57:40+00:00","statusText":"Resolved"},{"id":"738","title":"adblock detector 
nordmograph","description":"<p>Malicious script<br \/><strong>New in 2.1<\/strong>:<br \/>Miner feature discontinued<br \/><em>This is a security release for the 3.x series of Joomla! This release fixes one low level security issues.<\/em><br \/><br \/><\/p>","status":"2","recommendation":"New in 2.1: Miner feature discontinued This is a security release for the 3.x series of Joomla! This release fixes one low level security issues.","patch_version":"2.1","update_notice":"https:\/\/www.nordmograph.com\/extensions\/index.php?option=com_virtuemart&view=productdetails&virtuemart_product_id=112&virtuemart_category_id=1&Itemid=58","created":"2022-02-18T00:00:00+00:00","modified":"2022-05-05T20:21:47+00:00","statusText":"Resolved"},{"id":"734","title":"Balbooa Forms, 2.0.6 (not tested on others), SQL Injection","description":"<p>Balbooa Forms, 2.0.6 ,\u00a0 SQL Injection<\/p>","status":"1","vulnerable_version":"2.0.6","created":"2021-09-28T00:00:00+00:00","modified":"2021-10-25T21:34:28+00:00","statusText":"Live"},{"id":"729","title":"YooRecipe, All, ","description":"<p>SQL injection vulnerability possibly all versions<\/p>\r\n<p><strong>abandoned extension<\/strong><\/p>","status":"1","recommendation":"remove","created":"2021-03-30T00:00:00+00:00","modified":"2021-06-06T08:49:44+00:00","statusText":"Live"},{"id":"726","title":" JomSocial , 4.7.6, XSS (Cross Site Scripting)","description":"<p>\u00a0JomSocial , 4.7.6,\u00a0 XSS (Cross Site Scripting) investigation<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/jomsocial\/","created":"2020-11-09T00:00:00+00:00","modified":"2020-12-29T16:26:47+00:00","statusText":"Live"},{"id":"725","title":"publisher, 3.0.19, XSS (Cross Site Scripting)","description":"<p>ijoomlapublisher, 3.0.19,\u00a0 XSS (Cross Site 
Scripting)<\/p>","status":"1","start_version":"3.0.19","vulnerable_version":"3.0.19","created":"2020-11-04T00:00:00+00:00","modified":"2020-11-07T15:18:11+00:00","statusText":"Live"},{"id":"724","title":"paGO Commerce, 2.5.9.0, SQL Injection","description":"<p>paGO Commerce,\u00a0 2.5.9.0,\u00a0 SQL Injection<\/p>","status":"1","created":"2020-10-20T00:00:00+00:00","modified":"2020-10-26T18:14:32+00:00","statusText":"Live"},{"id":"720","title":"Social Chat, 1.5 and Below, SQL Injection","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/communication\/chat-hosted\/social-chat\/","created":"2020-09-13T00:00:00+00:00","modified":"2020-09-20T09:56:17+00:00","statusText":"Live"},{"id":"713","title":"CMS2CMS, Connector Extension, 2.00 permissions","description":"<p>CMS2CMS Connector Extension 2.00<\/p>\r\n<p>Update of the permission type created for the catalog file 2.01<\/p>","status":"2","patch_version":"2.01","created":"2020-07-16T00:00:00+00:00","modified":"2020-07-29T20:59:41+00:00","statusText":"Resolved"},{"id":"711","title":"js jobs, 1.3, SQL Injection","description":"<p>js jobs,1.3,SQL Injection<\/p>","status":"2","created":"2020-07-14T00:00:00+00:00","modified":"2020-07-23T08:35:13+00:00","statusText":"Resolved"},{"id":"702","title":"xcloner,3.53,Other","description":"<p>xcloner,3.53,Other<\/p>\r\n<p><strong>Developer statement<\/strong><\/p>\r\n<div class=\"entry clearfix label-warning\">\r\n<p><span style=\"color: #ffffff;\">Today we have made available a new release \u2014 version 3.5.4 \u2014 for the unmaintained Joomla version of XCloner.<\/span><\/p>\r\n<p><span style=\"color: #ffffff;\">Prior versions of XCloner for Joomla contained an Authenticated Local File Disclosure vulnerability that has been patched in the latest version. 
Any users of the unmaintained XCloner for Joomla package should upgrade immediately.<\/span><\/p>\r\n<p><span style=\"color: #ffffff;\">Details of the exploit have not been published to allow users time to upgrade.<\/span><\/p>\r\n<\/div>","status":"2","start_version":"3.53","patch_version":"3.54","update_notice":"https:\/\/www.xcloner.com\/xcloner-news\/security-release-available-for-archived-joomla-version\/","created":"2020-05-26T00:00:00+00:00","modified":"2020-06-05T17:14:50+00:00","statusText":"Resolved"},{"id":"696","title":"GMapFP 3.30,Other","description":"<p>GMapFP 3.30,3.30,Other<\/p>\r\n<p>Related  in<br \/><a href=\"resolved\/1835-gmapfp-3-39f-xss-cross-site-scripting\">https:\/\/vel.joomla.org\/resolved\/1835-gmapfp-3-39f-xss-cross-site-scripting<br \/><br \/><\/a>new version number<\/p>\r\n<p>3.55<\/p>\r\n<p> <\/p>","status":"2","vulnerable_version":"3.79","patch_version":"3.123pro","update_notice":"https:\/\/gmapfp.org\/en\/download\/lang,en-gb\/","install_data":{"name":"COM_GMAPFP","type":"component","creationDate":"Septembre 2019","author":"Fabrice4821","copyright":"All rights reserved","authorUrl":"http:\/\/www.gmapfp.org","group":""},"created":"2020-04-03T00:00:00+00:00","modified":"2020-06-05T17:13:10+00:00","statusText":"Resolved"},{"id":"700","title":"Ordasoft CCK, 6.1.12 Various","description":"<p>Ordasoft CCK, 6.1.12 Various,,Other<br \/><br \/><\/p>\r\n<p>new version number<\/p>\r\n","status":"2","patch_version":"6.6","update_notice":"https:\/\/ordasoft.com\/cck-content-construction-kit-for-joomla.html","created":"2020-05-20T00:00:00+00:00","modified":"2020-06-02T13:32:27+00:00","statusText":"Resolved"},{"id":"698","title":"fabrik 3.9,Various","description":"<p>,fabrik 3.9. 
Various Issues<\/p>\r\n<p>NOTE: the earlier version number was a mistake by the reporter.<\/p>\r\n<p class=\"alert-danger\"><span style=\"color: #000000;\">new version number<\/span><\/p>\r\n<p class=\"alert-danger\"><span style=\"color: #000000;\">3.9.1<\/span><\/p>\r\n<p class=\"alert-danger\"><span style=\"color: #000000;\">Update Notice URL<\/span><\/p>\r\n<p class=\"alert-danger\"><span style=\"color: #000000;\"><a style=\"color: #000000;\" href=\"https:\/\/fabrikar.com\/blog\/87-fabrik-3-9-1-released\">https:\/\/fabrikar.com\/blog\/87-fabrik-3-9-1-released<\/a><\/span><\/p>","status":"2","created":"2020-04-03T00:00:00+00:00","modified":"2020-05-26T20:22:56+00:00","statusText":"Resolved"},{"id":"671","title":"oziogallery,5.0.1,XSS (Cross Site Scripting)","description":"<p>oziogallery,5.0.1,XSS (Cross Site Scripting)<\/p>\r\n<p>Update Notice URL<\/p>\r\n<p>https:\/\/www.facebook.com\/groups\/oziogallery\/permalink\/1588619457938122\/<\/p>\r\n<p>Change log Url<\/p>\r\n<p>https:\/\/www.opensourcesolutions.es\/en\/ext\/ozio-gallery.html#Changelog<\/p>","status":"2","vulnerable_version":"5.0.1","patch_version":"5.0.2","update_notice":"https:\/\/www.facebook.com\/groups\/oziogallery\/permalink\/1588619457938122\/","created":"2019-05-14T00:00:00+00:00","modified":"2020-04-30T22:48:22+00:00","statusText":"Resolved"},{"id":"675","title":"ZOO by YOOtheme,3.3.33,SQL Injection","description":"<p>ZOO by YOOtheme,3.3.33,SQL Injection<\/p>\r\n<p> <\/p>\r\n<p>Fix SQL injection vulnerability in Admin Controllers <br \/>new version number<br \/>3.3.34<\/p>\r\n<p>Update Notice URL<\/p>\r\n<p>https:\/\/yootheme.com\/support\/zoo\/changelog<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/zoo\/","vulnerable_version":"3.3.3","patch_version":"3.3.34","update_notice":"https:\/\/yootheme.com\/support\/zoo\/changelog","created":"2019-06-03T00:00:00+00:00","modified":"2020-04-30T22:48:14+00:00","statusText":"Resolved"},{"id":"688","title":"jDownloads,3.2.64,SQL 
Injection","description":"<p>jDownloads,3.2.64,SQL Injection<br \/><br \/>Developers update<\/p>\r\n<p><a href=\"http:\/\/www.jdownloads.com\/index.php\/downloads\/download\/6-jdownloads\/2-jdownloads-3-2.html#jd65\">http:\/\/www.jdownloads.com\/index.php\/downloads\/download\/6-jdownloads\/2-jdownloads-3-2.html#jd65<\/a><\/p>\r\n<p> <\/p>","status":"2","vulnerable_version":"3.2.64","update_notice":"http:\/\/www.jdownloads.com\/index.php\/downloads\/download\/6-jdownloads\/2-jdownloads-3-2.html#jd65","created":"2019-08-22T00:00:00+00:00","modified":"2020-04-30T22:47:47+00:00","statusText":"Resolved"},{"id":"689","title":"PayPlans,4.0, ID","description":"<p>PayPlans,4.0, ID<br \/><a href=\"https:\/\/stackideas.com\/blog\/payplans-4013\">https:\/\/stackideas.com\/blog\/payplans-4013<\/a> Update to 4.0.13<\/p>","status":"2","start_version":"4.0.x","vulnerable_version":"4.0.12","patch_version":"4.0.13","update_notice":"https:\/\/stackideas.com\/blog\/payplans-4013","created":"2019-09-11T00:00:00+00:00","modified":"2020-04-30T22:47:40+00:00","statusText":"Resolved"},{"id":"690","title":"js jobs,1.1.5, 1.1.6, 1.2.5 and 1.2.6,Other","description":"<p>js jobs,1.1.5, 1.1.6, 1.2.5 and 1.2.6,Other<\/p>\r\n<p><strong>Extension Update Details<\/strong><\/p>\r\n<p>Fix the file security bug.<\/p>\r\n<p>new version number<\/p>\r\n<p>2.1.7<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/js-jobs\/","created":"2019-10-08T00:00:00+00:00","modified":"2020-04-30T22:47:33+00:00","statusText":"Resolved"},{"id":"691","title":"J2Store, 3.3.9. 
and previous,XSS (Cross Site Scripting)","description":"<p>J2Store,3.9.x,XSS (Cross Site Scripting)<\/p>\r\n<p>Update to 3.3.11  <a href=\"https:\/\/www.j2store.org\/blog\/general\/j2store-3-3-11-released-with-improvements-and-a-security-fix.html\">https:\/\/www.j2store.org\/blog\/general\/j2store-3-3-11-released-with-improvements-and-a-security-fix.html<\/a><\/p>","status":"2","vulnerable_version":"3..3.09","patch_version":"3.3.11","update_notice":"https:\/\/www.j2store.org\/blog\/general\/j2store-3-3-11-released-with-improvements-and-a-security-fix.html","created":"2019-10-16T00:00:00+00:00","modified":"2020-04-30T22:47:26+00:00","statusText":"Resolved"},{"id":"697","title":"hwdplayer,4.2,SQL Injection","description":"<p>hwdplayer,4.2,SQL Injection<br \/><br \/>Possible abandonware also<\/p>","status":"1","created":"2020-04-03T10:48:01+00:00","modified":"2020-04-30T22:47:12+00:00","statusText":"Live"},{"id":"694","title":"acymailing, 6.9.2,Other","description":"<p>acymailing, <6.9.2,Other<\/p>\r\n<p>Update to version 6.9.2<\/p>\r\n<p>Developer did not inform the VEL team<\/p>\r\n<p> <\/p>","status":"2","patch_version":"6.9.2","created":"2020-03-25T00:00:00+00:00","modified":"2020-03-25T11:43:31+00:00","statusText":"Resolved"},{"id":"693","title":"BadBot Protection id 14294, ","status":"1","risk_level":"small","start_version":"1.0","vulnerable_version":"1.0","patch_version":"1.1","update_notice":"https:\/\/www.siteguarding.com\/en\/badbot-protection","created":"2020-03-23T00:00:00+00:00","modified":"2020-03-24T13:12:06+00:00","statusText":"Live"},{"id":"594","title":"Simple Calendar,3.1.9,SQL Injection","description":"<p>Simple Calendar by Fabrizio Albonico, versions 3.1.9 and previous, SQL 
Injection<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/simplecalendar\/","cve_id":"CVE-2018-5974","vulnerable_version":"3.1.9","patch_version":"3.2.1","update_notice":"http:\/\/software.albonico.ch\/joomla-components\/4-news2\/71-3-2-0-err-3-2-1-is-out.html","install_data":{"name":"com_simplecalendar","type":"component","creationDate":"June 30, 2017","author":"Fabrizio Albonico","copyright":"(C) 2009 - 2017 Fabrizio Albonico. All rights reserved.","authorUrl":"software.albonico.ch","group":""},"created":"2018-03-07T00:00:00+00:00","modified":"2020-03-20T19:51:03+00:00","statusText":"Resolved"},{"id":"687","title":"kunena, 5.0.x - 5.1.14 ,XSS (Cross Site Scripting)","description":"<p>kunena, 5.0.x - 5.1.14 ,XSS (Cross Site Scripting)<\/p>\r\n<p>Developer statement<\/p>\r\n<p><a href=\"https:\/\/www.kunena.org\/blog\/207-kunena-5-1-14-released\">https:\/\/www.kunena.org\/blog\/207-kunena-5-1-14-released<\/a><\/p>","status":"2","created":"2019-08-14T19:28:24+00:00","modified":"2019-08-14T19:29:01+00:00","statusText":"Resolved"},{"id":"685","title":"JS support ticket,1.1.6, SQL Injection","description":"<p>JS support ticket,1.1.6, SQL Injection<\/p>\r\n<p>resolution: update to 1.1.7<\/p>\r\n<p>update notice: <a href=\"https:\/\/joomsky.com\/products\/js-ticket-joomla.html\">https:\/\/joomsky.com\/products\/js-ticket-joomla.html<\/a><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/js-support-ticket\/","recommendation":"update","vulnerable_version":"1.1.6","patch_version":"1.1.7","update_notice":"https:\/\/joomsky.com\/products\/js-ticket-joomla.html","install_data":{"name":"JS Support Ticket","type":"component","creationDate":"Aug 11th, 2019","author":"Joom Sky","copyright":"Copyright (c) 2015. 
All rights reserved.","authorUrl":"","group":""},"created":"2019-08-12T00:00:00+00:00","modified":"2019-08-12T12:22:42+00:00","statusText":"Resolved"},{"id":"682","title":"JS support ticket,1.1.5,Directory Traversal","description":"<p>JS support ticket,1.1.5,Directory Traversal<\/p>\r\n<p>resolution: update to 1.1.6<\/p>\r\n<p>update notice: <a href=\"https:\/\/joomsky.com\/products\/js-ticket-joomla.html\">https:\/\/joomsky.com\/products\/js-ticket-joomla.html<\/a><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/js-support-ticket\/","recommendation":"update","vulnerable_version":"1.1.5","patch_version":"1.1.6","update_notice":"https:\/\/joomsky.com\/products\/js-ticket-joomla.html","install_data":{"name":"JS Support Ticket","type":"component","creationDate":"Aug 6th, 2019","author":"Joom Sky","copyright":"Copyright (c) 2015. All rights reserved.","authorUrl":"","group":""},"created":"2019-08-08T00:00:00+00:00","modified":"2019-08-12T12:21:06+00:00","statusText":"Resolved"},{"id":"683","title":"Easy Discuss 4.1.9 SQL Injection","description":"<p>Easy Discuss 4.1.9 by Stack Ideas, SQL Injection<\/p>\r\n<p>Resolution: update to 4.1.10<\/p>\r\n<p>update notice: <a href=\"https:\/\/stackideas.com\/blog\/important-security-update-for-easydiscuss4-1-10\">https:\/\/stackideas.com\/blog\/important-security-update-for-easydiscuss4-1-10<\/a><\/p>\r\n<p> <\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/easydiscuss\/","recommendation":"update","vulnerable_version":"4.1.9","patch_version":"4.1.10","update_notice":"https:\/\/stackideas.com\/blog\/important-security-update-for-easydiscuss4-1-10","install_data":{"name":"com_easydiscuss","type":"component","creationDate":"9th August 2019","author":"StackIdeas","copyright":"Copyright 2009 - 2012 Stack Ideas. 
All rights reserved","authorUrl":"http:\/\/www.stackideas.com","group":""},"created":"2019-08-09T00:00:00+00:00","modified":"2019-08-10T12:44:48+00:00","statusText":"Resolved"},{"id":"677","title":"Community Builder, 2.4.2","description":"<p>Community Builder, 2.4.1 and previous, <\/p>\r\n<p>resolution: update to 2.4.2<\/p>\r\n<p>update notice: <a href=\"https:\/\/www.joomlapolis.com\/news\/18843-community-builder-2-4-2-security-maintenance-and-features-release\">https:\/\/www.joomlapolis.com\/news\/18843-community-builder-2-4-2-security-maintenance-and-features-release<\/a><\/p>","status":"2","created":"2018-06-14T09:30:40+00:00","modified":"2019-05-22T06:38:12+00:00","statusText":"Resolved"},{"id":"676","title":"eXtplorer 2.1.12 various","description":"<p>eXtplorer 2.1.12 various<\/p>\r\n<p>Update Notice URL<\/p>\r\n<p>https:\/\/extplorer.net\/news\/24<\/p>\r\n<p> <\/p>\r\n<p> <\/p>\r\n<p> <\/p>","status":"2","created":"2019-05-19T07:21:04+00:00","modified":"2019-05-19T07:52:34+00:00","statusText":"Resolved"},{"id":"667","title":"Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure","description":"<p>Akeeba LoginGuard,3.1.1 and all lower versions,Information Disclosure<br \/>Update via developers website. <\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/akeeba-loginguard\/","created":"2019-05-13T13:34:27+00:00","modified":"2019-05-17T19:23:34+00:00","statusText":"Resolved"},{"id":"668","title":"RSEvents! Pro (March 2019),Other","description":"<p>RSEvents! Pro (March 2019),Other<br \/><br \/><\/p>\r\n<p> <\/p>\r\n<p>new version number<\/p>\r\n<p>2.2.1<\/p>\r\n<p> <\/p>\r\n<p> <\/p>\r\n<p>UpdateNotice URL<\/p>\r\n<p>https:\/\/www.rsjoomla.com\/blog\/view\/468-csv-vulnerability-explained.html<\/p>","status":"2","created":"2019-05-13T08:58:26+00:00","modified":"2019-05-13T09:00:32+00:00","statusText":"Resolved"},{"id":"669","title":"RSEvents! Pro Cart Plugin older than 1.1.15 ,Other","description":"<p>RSEvents! 
Pro Cart Plugin older than 1.1.15),Other<br \/><br \/> <\/p>\r\n<p>UpdateNotice URL<\/p>\r\n<p>https:\/\/www.rsjoomla.com\/blog\/view\/468-csv-vulnerability-explained.html<\/p>","status":"2","created":"2019-05-13T08:58:26+00:00","modified":"2019-05-13T09:00:32+00:00","statusText":"Resolved"},{"id":"670","title":"RSMembership! older than 1.22.11 ,Other","description":"<p>RSMembership! older than 1.22.11,Other<br \/><br \/> <\/p>\r\n<p>UpdateNotice URL<\/p>\r\n<p>https:\/\/www.rsjoomla.com\/blog\/view\/468-csv-vulnerability-explained.html<\/p>","status":"2","created":"2019-05-13T08:58:26+00:00","modified":"2019-05-13T09:00:32+00:00","statusText":"Resolved"},{"id":"666","title":"RSForm! Pro,2.2.0 (March 2019),Other","description":"<p> RSForm! Pro,2.2.0 (March 2019),Other<br \/><br \/><\/p>\r\n<p> <\/p>\r\n<p>new version number<\/p>\r\n<p>2.2.1<\/p>\r\n<p> <\/p>\r\n<p> <\/p>\r\n<p>UpdateNotice URL<\/p>\r\n<p>https:\/\/www.rsjoomla.com\/blog\/view\/468-csv-vulnerability-explained.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/rsform-pro\/","vulnerable_version":"2.2..0","patch_version":"2.2.1","update_notice":"https:\/\/www.rsjoomla.com\/blog\/view\/468-csv-vulnerability-explained.html","created":"2019-05-02T00:00:00+00:00","modified":"2019-05-13T08:56:29+00:00","statusText":"Resolved"},{"id":"665","title":"Phoca Gallery,4.3.15 prior,Other","description":"<p>Phoca Gallery,4.3.15 prior,Other<\/p>\r\n<p> <\/p>\r\n<p>Update Notice URL<\/p>\r\n<p>https:\/\/www.phoca.cz\/news\/1029-phoca-gallery-4-3-17-released<\/p>","status":"2","update_notice":"https:\/\/www.phoca.cz\/news\/1029-phoca-gallery-4-3-17-released ","created":"2019-04-25T00:00:00+00:00","modified":"2019-05-07T22:28:03+00:00","statusText":"Resolved"},{"id":"664","title":"kunena, ,XSS (Cross Site Scripting)","description":"<p>kunena,5.1.3,XSS (Cross Site Scripting)<\/p>","status":"2","risk_level":"medium","start_version":"Kunena 
5.1","vulnerable_version":"5.1.11.1","patch_version":"5.1.12.","update_notice":"https:\/\/www.kunena.org\/blog\/205-kunena-5-1-12-released","created":"2019-04-22T00:00:00+00:00","modified":"2019-04-22T14:40:00+00:00","statusText":"Resolved"},{"id":"597","title":"JB Bus, 2.3, SQL Injection","description":"<p>JB Bus by Joombooking, 2.3, SQL Injection<\/p>\r\n<p> <\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/booking-a-reservations\/jbtransport\/","cve_id":"CVE-2018-6372","start_version":"2.37","vulnerable_version":"2.3","patch_version":"2.4","update_notice":"https:\/\/joombooking.com\/supports\/security-release-notice","created":"2018-03-07T00:00:00+00:00","modified":"2019-04-10T20:20:29+00:00","statusText":"Resolved"},{"id":"663","title":"AcyMailing 5.10.6 Various","description":"<p>AcyMailing 5.10.6 Various<\/p>\r\n<p>new version number<\/p>\r\n<p>5.10.7<\/p>\r\n<p>UpdateNotice URL<\/p>\r\n<p>https:\/\/www.acyba.com\/support\/change-log.html<\/p>\r\n<p> <\/p>\r\n<p>Changelog Url<\/p>\r\n<p>https:\/\/www.acyba.com\/support\/change-log.html<\/p>","status":"2","created":"2019-03-25T18:43:46+00:00","modified":"2019-03-25T18:44:37+00:00","statusText":"Resolved"},{"id":"661","title":"TCPDF Library,6.2.12,Other","description":"<p>TCPDF Library,6.2.12,Other<\/p>\r\n<p> <\/p>\r\n<p>updated to v6.2.26<\/p>\r\n<table class=\"files js-navigation-container js-active-navigation-container\" data-pjax=\"\">\r\n<tbody>\r\n<tr class=\"js-navigation-item navigation-focus\" aria-selected=\"true\">\r\n<td class=\"content\"> <\/td>\r\n<td class=\"message\"><span class=\"css-truncate css-truncate-target\"> <a class=\"link-gray\" title=\"updated to v6.2.26\" href=\"https:\/\/github.com\/vdm-io\/tcpdf\/commit\/aa5dc2c127c34d38e2436344ffff2f1e5311f65a\" data-pjax=\"true\"><br 
\/><\/a><\/span><\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/tcpdf-library\/","created":"2019-03-22T00:00:00+00:00","modified":"2019-03-25T18:42:53+00:00","statusText":"Resolved"},{"id":"662","title":"Jevents 3.4.49 Various","description":"<p>Jevents 3.4.49 Various<\/p>\r\n<p>UpdateNotice URL<br \/>https:\/\/www.jevents.net\/blog\/jevents-3-4-50-released-all-users-should-upgrade<\/p>","status":"2","created":"2019-03-17T16:57:17+00:00","modified":"2019-03-17T17:10:56+00:00","statusText":"Resolved"},{"id":"659","title":"Kunena,5.1.9,XSS (Cross Site Scripting)","description":"<p>Kunena,5.1.9,XSS (Cross Site Scripting)<\/p>\r\n<p><a href=\"https:\/\/www.kunena.org\/blog\/203-kunena-5-1-10-released\">https:\/\/www.kunena.org\/blog\/203-kunena-5-1-10-released<\/a><\/p>","status":"2","vulnerable_version":"5.1.9","patch_version":"5.1.10","created":"2019-03-03T00:00:00+00:00","modified":"2019-03-03T22:37:33+00:00","statusText":"Resolved"},{"id":"658","title":"Edocman,1.1.17,SQL Injection","description":"<p>Edocman,1.1.17,SQL Injection<\/p>\r\n<p>Extension Update Details<\/p>\r\n<p>Fix security issue on Joomla SQL injection from previous Edocman version.<\/p>\r\n<p>new version number<\/p>\r\n<p>1.11.8<\/p>\r\n<p>UpdateNotice URL<\/p>\r\n<p><a href=\"https:\/\/www.joomdonation.com\/forum\/edocman\/64786-23th-february-2019-new-version-1-11-8-security-issue-fixed.html\">https:\/\/www.joomdonation.com\/forum\/edocman\/64786-23th-february-2019-new-version-1-11-8-security-issue-fixed.html<\/a><\/p>\r\n<p> 
<\/p>","status":"2","start_version":"1.1.17","vulnerable_version":"1.1.17","patch_version":"1.1.18","update_notice":"https:\/\/www.joomdonation.com\/forum\/edocman\/64786-23th-february-2019-new-version-1-11-8-security-issue-fixed.html","created":"2019-02-23T00:00:00+00:00","modified":"2019-02-23T16:40:54+00:00","statusText":"Resolved"},{"id":"657","title":"Easy Shop ,1.2.3 ,Other","description":"<p>Easy Shop ,1.2.3 ,Other<\/p>\r\n<p> <\/p>\r\n<p>Developer update 1.2.4 <a href=\"https:\/\/www.joomtech.net\/blog\/easyshop-1-2-4-security-issues-fixed\">https:\/\/www.joomtech.net\/blog\/easyshop-1-2-4-security-issues-fixed<\/a><br \/>Developer did not #tellvel<\/p>","status":"2","created":"2019-02-04T16:30:15+00:00","modified":"2019-02-04T16:32:09+00:00","statusText":"Resolved"},{"id":"656","title":"JoomCRM 1.1.1","description":"<p>new version number<\/p>\r\n<p>1.1.2<\/p>\r\n<p>https:\/\/www.joomboost.com\/blog-updates\/joomcrm-version-1-1-2-security-announcement.html<\/p>","status":"2","created":"2019-01-20T16:18:05+00:00","modified":"2019-01-20T16:20:50+00:00","statusText":"Resolved"},{"id":"655","title":"JoomProject 1.1.3.2 ID","description":"<p>new version number<\/p>\r\n<p>1.1.3.3<\/p>\r\n<p> <\/p>\r\n<p>https:\/\/www.joomboost.com\/blog-updates\/joomproject-version-1-1-3-3-security-announcement.html<\/p>","status":"2","created":"2019-01-20T16:17:18+00:00","modified":"2019-01-20T16:18:37+00:00","statusText":"Resolved"},{"id":"654","title":"J-CruiseReservation 6.0.2 sqli","description":"<p>new version number 6.0.4<\/p>\r\n<p>UpdateNotice URL <a href=\"https:\/\/www.cmsjunkie.com\/blog\/cruise-reservations-update\/\">https:\/\/www.cmsjunkie.com\/blog\/cruise-reservations-update\/<\/a><\/p>","status":"2","created":"2019-01-20T09:18:34+00:00","modified":"2019-01-20T09:22:26+00:00","statusText":"Resolved"},{"id":"455","title":"J-CruiseReservation,3.0,SQL Injection","description":"<p>J-CruiseReservation by CMS Junkie, 3.0, SQL 
Injection<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/j-cruisereservation\/","created":"2017-03-15T10:48:51+00:00","modified":"2019-01-20T09:17:48+00:00","statusText":"Resolved"},{"id":"651","title":"kunena,5.1.7,XSS (Cross Site Scripting)","description":"<p>kunena,5.1.7,XSS (Cross Site Scripting)<br \/><a href=\"https:\/\/www.kunena.org\/blog\/201-kunena-5-1-8-released\">https:\/\/www.kunena.org\/blog\/201-kunena-5-1-8-released<\/a><\/p>","status":"2","created":"2018-12-30T22:02:04+00:00","modified":"2018-12-31T03:35:51+00:00","statusText":"Resolved"},{"id":"650","title":"Jomres,9.14.0 & lower,Other","description":"<p> Jomres,9.14.0 & lower<\/p>\r\n<p>Developer statement<br \/>new version number 9.15.0<br \/>UpdateNotice URL <a href=\"https:\/\/www.jomres.net\/blog\/99-jomres-9-15-0-security-release-new-features\">https:\/\/www.jomres.net\/blog\/99-jomres-9-15-0-security-release-new-features<\/a><br \/>Changelog Url https:\/\/www.jomres.net\/support\/changelog<\/p>\r\n<p> <\/p>\r\n<p> <\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/booking-a-reservations\/jomres\/","created":"2018-12-05T09:38:09+00:00","modified":"2018-12-05T21:59:42+00:00","statusText":"Resolved"},{"id":"648","title":"music collection, 3.0.3 ,SQL Injection","description":"<p>music collection, 3.0.3 ,SQL Injection<br \/>Developer statement: currently at version 3.0.6, this was already fixed in 3.0.4<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/music-collection\/","created":"2018-11-24T11:52:37+00:00","modified":"2018-11-25T19:21:29+00:00","statusText":"Resolved"},{"id":"647","title":"kunena,5.1.6.1,XSS (Cross Site Scripting)","description":"<p>kunena,5.1.6.1,XSS (Cross Site Scripting)<\/p>\r\n<p> <\/p>\r\n<p>Developer statement: Update to 5.1.7 <a 
href=\"https:\/\/www.kunena.org\/blog\/200-kunena-5-1-7-released\">https:\/\/www.kunena.org\/blog\/200-kunena-5-1-7-released<\/a><\/p>","status":"2","created":"2018-11-20T18:46:17+00:00","modified":"2018-11-20T23:10:14+00:00","statusText":"Resolved"},{"id":"653","title":"Jimtawl 2.2.7 - 'id' SQL Injection","description":"<p>Jimtawl 2.2.7 - 'id' SQL Injection<br \/><br \/>Developer statement update to 2.2.8<br \/><a href=\"http:\/\/janguo.de\/lang-de\/joomla-25-higher\/joomla-25-jimtawl-2-1.html\">http:\/\/janguo.de\/lang-de\/joomla-25-higher\/joomla-25-jimtawl-2-1.html<\/a><\/p>","status":"2","created":"2018-11-16T21:15:02+00:00","modified":"2018-11-16T21:16:25+00:00","statusText":"Resolved"},{"id":"644","title":"kunena,5.1.4,Other","description":"<p>kunena,5.1.4,Other<\/p>\r\n<p> statement post: <a href=\"https:\/\/www.kunena.org\/blog\/198-kunena-5-1-5-released\">https:\/\/www.kunena.org\/blog\/198-kunena-5-1-5-released<\/a><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/kunena\/","vulnerable_version":"5.1.4","patch_version":"5.1.5","update_notice":"https:\/\/www.kunena.org\/blog\/198-kunena-5-1-5-released","install_data":{"name":"Kunena Forum Package","type":"package","creationDate":"2018-10-14","author":"Kunena Team","copyright":"(C) 2008 - 2018 Kunena Team. 
All rights reserved.","authorUrl":"https:\/\/www.kunena.org","group":""},"created":"2018-10-14T00:00:00+00:00","modified":"2018-10-15T10:37:24+00:00","statusText":"Resolved"},{"id":"646","title":"CW Article Attachments (Pro Version), SQL Injection","description":"<p>CW Article Attachments (Pro Version) from cwjoomla.com, versions 2.1.0 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 2.1.2<\/p>\r\n<p>update notice: http:\/\/www.cwjoomla.com\/download-cw-article-attachments<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/cw-article-attachments-pro\/","recommendation":"update","vulnerable_version":"2.1.0","patch_version":"2.1.2","update_notice":"http:\/\/www.cwjoomla.com\/download-cw-article-attachments","created":"2018-10-15T00:00:00+00:00","modified":"2018-10-15T10:30:53+00:00","statusText":"Resolved"},{"id":"645","title":"CW Article Attachments (Free Version), SQL Injection","description":"<p>CW Article Attachments (Free Version) from cwjoomla.com, versions 1.0.6 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 1.0.7<\/p>\r\n<p>update notice: http:\/\/www.cwjoomla.com\/download-cw-article-attachments<\/p>\r\n<p> <\/p>\r\n<p> <\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/cw-article-attachments\/","recommendation":"update","vulnerable_version":"1.0.6","patch_version":"1.0.7","update_notice":"http:\/\/www.cwjoomla.com\/download-cw-article-attachments","install_data":{"name":"CW Article Attachments Package","type":"package","creationDate":"October 2018","author":"Ing. Pavel Star\u00fd, CW Joomla","copyright":"Copyright (c) 2012 - 2018 Ing. Pavel Star\u00fd - CW Joomla. 
All rights reserved.","authorUrl":"http:\/\/www.cwjoomla.com","group":""},"created":"2018-10-15T00:00:00+00:00","modified":"2018-10-15T10:28:52+00:00","statusText":"Resolved"},{"id":"641","title":"JSN Framework System Plugin, 2.1.5","description":"<p>JSN Framework System Plugin, versions 2.1.5 and previous, unrestricted file uploads without any authorization<\/p>\r\n<p>Resolution: update to  2.1.6<\/p>\r\n<p>Update notice: <a href=\"https:\/\/www.joomlashine.com\/forums\/jsn-extension-framework-gen-1-plugin-v2-1-6-is-released.html\">https:\/\/www.joomlashine.com\/forums\/jsn-extension-framework-gen-1-plugin-v2-1-6-is-released.html<\/a><\/p>\r\n<p>Users are strongly urged to update immediately<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jsn-poweradmin\/","recommendation":"update","vulnerable_version":"2.1.5","patch_version":"2.1.6","update_notice":"https:\/\/www.joomlashine.com\/forums\/jsn-extension-framework-gen-1-plugin-v2-1-6-is-released.html","install_data":{"name":"plg_system_jsnframework","type":"plugin","creationDate":"09\/24\/2018","author":"JoomlaShine.com","copyright":"Copyright (C) 2013 JoomlaShine.com. All Rights Reserved.","authorUrl":"www.joomlashine.com","group":""},"created":"2018-10-09T00:00:00+00:00","modified":"2018-10-10T09:34:38+00:00","statusText":"Resolved"},{"id":"643","title":"All Regular Labs extensions with editor buttons","description":"<p>All Regular Labs extensions with editor buttons, versions before 7 September 2018, cross site scripting (XSS):-<\/p>\r\n<p>- Articles Anywhere<br \/>- Conditional Content<br \/>- Dummy Content<br \/>- Modals<br \/>- Modules Anywhere<br \/>- Sliders<br \/>- Snippets<br \/>- Tabs<br \/>- Tooltips<\/p>\r\n<p>The editor button popup urls could potentially be used for cross site scripting (triggering custom javascript via the url). 
That is now fixed.<\/p>\r\n<p>update notice: <a href=\"https:\/\/www.regularlabs.com\/component\/content\/article\/1281-security-fix-7-sep-2018\">https:\/\/www.regularlabs.com\/component\/content\/article\/1281-security-fix-7-sep-2018<\/a><\/p>\r\n<h3>Versions numbers affected<\/h3>\r\n<p>Articles Anywhere: 8.2.0 and previous, resolution update to 8.2.1<\/p>\r\n<p>Conditional content: 2.2.2 and previous, resolution update to 2.3.0<\/p>\r\n<p>Dummy content: 5.1.1 and previous, resolution update to 5.1.2<\/p>\r\n<p>Modals: 9.13.0 and previous, resolution update to 9.13.1<\/p>\r\n<p>Modules Anywhere: 7.5.0 and previous, resolution update to 7.5.1<\/p>\r\n<p>Sliders: 7.6.1 and previous, resolution update to 7.6.2<\/p>\r\n<p>Snippets: 6.4.0 and previous, resolution update to 6.4.1<\/p>\r\n<p>Tabs: 7.4.1 and previous, resolution update to 7.4.2<\/p>\r\n<p>Tooltips: 7.2.1 and previous, resolution update to 7.2.2<\/p>\r\n<p> <\/p>\r\n<p> <\/p>\r\n<p> <\/p>","status":"2","created":"2018-09-25T11:01:38+00:00","modified":"2018-09-25T11:32:11+00:00","statusText":"Resolved"},{"id":"638","title":"Forms by Balbooa.com,1.7.2,Information Disclosure","description":"<p>Forms by Balbooa.com,1.7.2,Information Disclosure<\/p>\r\n<p>Resolution: update to 1.7.4 (there was a previous update 1.7.3 which did not entirely fix the issue)<\/p>\r\n<p>update notice: https:\/\/support.balbooa.com\/forum\/joomla-forms\/5441-balbooa-joomla-forms-v-1-7-4<\/p>\r\n<p> <\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/contacts-and-feedback\/forms\/forms\/","recommendation":"update","vulnerable_version":"1.7.2","patch_version":"1.7.4","update_notice":"https:\/\/support.balbooa.com\/forum\/joomla-forms\/5441-balbooa-joomla-forms-v-1-7-4","install_data":{"name":"BaForms","type":"package","creationDate":"06 April 2015","author":"Balbooa","copyright":"Balbooa 
2016","authorUrl":"http:\/\/balbooa.com","group":""},"created":"2018-09-13T00:00:00+00:00","modified":"2018-09-21T20:36:46+00:00","statusText":"Resolved"},{"id":"639","title":"Gantry package 5.4.26 ,Other","description":"<p>Gantry package containing \"Twig\" library creates folders with improper folder permissions. On some servers this may lead to world writeable folders.<br \/>see <a href=\"https:\/\/github.com\/gantry\/gantry5\/issues\/2363\">https:\/\/github.com\/gantry\/gantry5\/issues\/2363<\/a> <a href=\"https:\/\/github.com\/twigphp\/Twig\/issues\/2353\">https:\/\/github.com\/twigphp\/Twig\/issues\/2353<\/a><br \/><br \/><\/p>\r\n<p><strong>developer<\/strong> states not a security issue within their coding. <br \/>reference topics<br \/><a href=\"https:\/\/forum.joomla.org\/viewtopic.php?f=714&t=965475\">https:\/\/forum.joomla.org\/viewtopic.php?f=714&t=965475<\/a> <a href=\"https:\/\/github.com\/gantry\/gantry5\/issues\/2363\">https:\/\/github.com\/gantry\/gantry5\/issues\/2363<\/a><\/p>","status":"2","install_data":{"name":"pkg_gantry5","type":"package","creationDate":"September 11, 2018","author":"RocketTheme, LLC","copyright":"(C) 2005 - 2017 RocketTheme, LLC. 
All rights reserved.","authorUrl":"http:\/\/www.rockettheme.com","group":""},"created":"2018-09-14T00:00:00+00:00","modified":"2018-09-18T18:51:31+00:00","statusText":"Resolved"},{"id":"635","title":"J-Business Directory,4.9.3,SQL Injection","description":"<p>jBusiness Directory from CMS Junkie,4.9.3 and previous versions, SQL Injection, XSS<\/p>\r\n<p>resolution: update to 4.9.4<\/p>\r\n<p>update notice: <a href=\"http:\/\/www.cmsjunkie.com\/blog\/joomla_business_directory_4-9-4_release\/\">http:\/\/www.cmsjunkie.com\/blog\/joomla_business_directory_4-9-4_release\/<\/a><\/p>\r\n<p>Note that the developer did not inform the VEL<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/j-businessdirectory\/","vulnerable_version":"4.9.3","patch_version":"4.9.4","update_notice":"http:\/\/www.cmsjunkie.com\/blog\/joomla_business_directory_4-9-4_release\/","install_data":{"name":"JBusinessDirectory","type":"component","creationDate":"November 2011","author":"CMSJunkie","copyright":"(C) CMSJunkie. All rights reserved.","authorUrl":"www.cmsjunkie.com","group":""},"created":"2018-08-07T00:00:00+00:00","modified":"2018-09-14T21:52:37+00:00","statusText":"Resolved"},{"id":"633","title":"Kunena,5.0 - 5.1.1,Other","description":"<p>Kunena,5.0 - 5.1.1,Other <br \/><strong>Developer statement <\/strong><br \/>The Kunena team has announced the arrival of Kunena 5.1.2 [K 5.1.2] which is now available for <a class=\"external text\" title=\"https:\/\/www.kunena.org\/download\" href=\"https:\/\/www.kunena.org\/download\" rel=\"nofollow\">download<\/a> as a native Joomla extension for J! 3.8.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1. 
This is a <strong>Security<\/strong> release.<br \/><a href=\"https:\/\/www.kunena.org\/blog\/194-kunena-5-1-2-released\">https:\/\/www.kunena.org\/blog\/194-kunena-5-1-2-released<\/a><\/p>","status":"2","install_data":{"name":"Kunena Forum Package","type":"package","creationDate":"2018-03-14","author":"Kunena Team","copyright":"(C) 2008 - 2018 Kunena Team. All rights reserved.","authorUrl":"https:\/\/www.kunena.org","group":""},"created":"2018-07-15T00:00:00+00:00","modified":"2018-09-14T21:48:03+00:00","statusText":"Resolved"},{"id":"634","title":"Magiczoomplus for Virtuemart, 4.9.4, Insecure Folder Permissions","description":"<p>Virtuemart plugin  magiczoomplus v4.9.4 and previous, Sensitive information disclosure, Insecure folder permissions, Remote call information disclosure.<\/p>\r\n<p>Resolution: Update to 4.9.6<\/p>\r\n<p>Update notice: https:\/\/www.magictoolbox.com\/jv-release-update\/<\/p>\r\n<p>Note that the VEL do not agree with the developer's description of these as \"low level security issues\"<\/p>\r\n<p> <\/p>\r\n<p> <\/p>","status":"2","vulnerable_version":"4.9.4","patch_version":"4.9.6","update_notice":"https:\/\/www.magictoolbox.com\/jv-release-update\/","install_data":{"name":"com_virtuemart_magiczoomplus","type":"component","creationDate":"2013-04-25","author":"www.magictoolbox.com","copyright":"Copyright (C) 2013 Magic Toolbox. 
All rights reserved.","authorUrl":"http:\/\/www.magictoolbox.com","group":""},"created":"2018-08-01T00:00:00+00:00","modified":"2018-09-14T21:47:04+00:00","statusText":"Resolved"},{"id":"640","title":"Magiczoomplus for Joomla, 3.3.4, Insecure Folder Permissions","description":"<p>Magiczoomplus for Joomla, versions 3.3.4 and previous, Sensitive information disclosure, Insecure folder permissions, Remote call information disclosure.<\/p>\r\n<p>Resolution: update to 3.3.6<\/p>\r\n<p>Update notice: https:\/\/www.magictoolbox.com\/jv-release-update\/<\/p>\r\n<p>Note that the VEL do not agree with the developer's description of these as \"low level security issues\"<\/p>","status":"2","vulnerable_version":"3.3.4","patch_version":"3.3.6","update_notice":"https:\/\/www.magictoolbox.com\/jv-release-update\/","install_data":{"name":"com_magiczoomplus","type":"component","creationDate":"2013-04-25","author":"www.magictoolbox.com","copyright":"Copyright (C) 2013 Magic Toolbox. All rights reserved.","authorUrl":"http:\/\/www.magictoolbox.com","group":""},"created":"2018-09-14T00:00:00+00:00","modified":"2018-09-14T21:46:11+00:00","statusText":"Resolved"},{"id":"615","title":"mobilejoomla, 2.1.24, malicious redirects","description":"<p>mobilejoomla,2.1.24, malicious redirects. <br \/>google adsense file added that may redirect all sites adsense revenue to the developer. File is not deleted on removing extension. <\/p>\r\n<p><strong>Developer statement<\/strong><\/p>\r\n<p>Extension Update Details<\/p>\r\n<p><em>Previously the free version of the Mobile extension added a file called ads.txt (recommended by Google) if it was missing from the webserver in order to show the support ads, as explained to users before download. 
This on the other hand meant that if someone were also showing ads on the site and did not take action on Google's notification about adding their own domain(s) to the ads.txt file, there may have been a risk that they might have lost some advertising impressions. However, the new version 2.1.25 has been updated so that the ads.txt file is not created unless it already exists, in which case the Mobile extension just adds a clearly marked line there. This case only applies the free version of the extension.<\/em><\/p>\r\n<p> new version number 2.1.25 Update Notice URL<br \/><a href=\"https:\/\/www.mobilejoomla.com\/blog\/243-mobile-joomla-2125-released.html\">https:\/\/www.mobilejoomla.com\/blog\/243-mobile-joomla-2125-released.html<\/a><\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/index.php?option=com_jed&view=extension&layout=default&id=1192","vulnerable_version":"2.1.24","patch_version":"2.1.25","update_notice":"https:\/\/www.mobilejoomla.com\/blog\/243-mobile-joomla-2125-released.html","created":"2018-03-27T00:00:00+00:00","modified":"2018-08-16T11:15:13+00:00","statusText":"Resolved"},{"id":"636","title":"Jcomments, version 3.0.5, Input Validation Vulnerability","description":"<p>jcomments,versions 3.0.5 and all previous, inadequate input validation of object_group parameter leads to possible exploits including arbitrary local file inclusion<\/p>\r\n<p>resolution: update to version 3.0.6<\/p>\r\n<p>There is evidence that this is being actively exploited, so users are recommended to update ASAP.<\/p>\r\n<p>update notice: <a 
href=\"http:\/\/www.joomlatune.com\/n28-104.html\">http:\/\/www.joomlatune.com\/n28-104.html<\/a><\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jcomments\/","recommendation":"update","vulnerable_version":"3.0.5","patch_version":"3.0.6","update_notice":"http:\/\/www.joomlatune.com\/n28-104.html","install_data":{"name":"JComments","type":"component","creationDate":"01\/08\/2014","author":"smart","copyright":"Copyright 2006-2014 JoomlaTune.ru All rights reserved!","authorUrl":"http:\/\/www.joomlatune.ru","group":""},"created":"2018-08-12T00:00:00+00:00","modified":"2018-08-15T14:31:23+00:00","statusText":"Resolved"},{"id":"631","title":"Advertisement Board 3.1.0","description":"<p>Advertisement Board by Ordasoft, versions  3.1.0 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to 3.1.4<\/p>\r\n<p>Update notice:<a href=\"https:\/\/ordasoft.com\/News\/News\/advertisement-board-security-update.html\">https:\/\/ordasoft.com\/News\/News\/advertisement-board-security-update.html<\/a><\/p>\r\n<p> <\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/ads-a-affiliates\/classified-ads\/advertisement-board\/","cve_id":"CVE-2018-5982","vulnerable_version":"3.1.0","patch_version":"3.1.4","update_notice":"https:\/\/ordasoft.com\/News\/News\/advertisement-board-security-update.html","install_data":{"name":"Advertisement Board","type":"component","creationDate":"March 2018","author":"Andrey Kvasnevskiy, Aleksey Pakholkov","copyright":"This component is released under License from included LICENSE.txt file","authorUrl":"http:\/\/www.ordasoft.com","group":""},"created":"2018-07-04T00:00:00+00:00","modified":"2018-07-04T12:05:35+00:00","statusText":"Resolved"},{"id":"576","title":"Media Library Free, 4.0.12, SQL Injection","description":"<p>Media Library Free by Ordasoft, versions 4.0.12 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 4.0.21<\/p>\r\n<p>update notice: <a 
href=\"https:\/\/ordasoft.com\/News\/News\/media-library-security-update.html\">https:\/\/ordasoft.com\/News\/News\/media-library-security-update.html<\/a><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/education-a-culture\/medialibrary-basic\/","cve_id":"CVE-2018-5971","recommendation":"update","vulnerable_version":"4.0.12","patch_version":"4.0.21","update_notice":"https:\/\/ordasoft.com\/News\/News\/media-library-security-update.html","install_data":{"name":"MediaLibrary","type":"component","creationDate":"January 2018","author":"Rob de Cleen, Andrey Kvasnevskiy","copyright":"This component is released under License from included LICENSE.txt file","authorUrl":"http:\/\/www.ordasoft.com","group":""},"created":"2018-03-01T00:00:00+00:00","modified":"2018-07-04T11:55:10+00:00","statusText":"Resolved"},{"id":"628","title":"Community Builder, 2.1.4, XSS","description":"<p>Community Builder, 2.1.4 and previous, XSS (Cross site scripting)<\/p>\r\n<p>resolution: update to 2.1.5<\/p>\r\n<p>update notice: https:\/\/www.joomlapolis.com\/news\/18791-community-builder-2-1-5-security-and-maintenance-release<\/p>","status":"2","vulnerable_version":"2.1.4","patch_version":"2.1.5","update_notice":"https:\/\/www.joomlapolis.com\/news\/18791-community-builder-2-1-5-security-and-maintenance-release","install_data":{"name":"Package Installer","type":"component","creationDate":"2016-01-26","author":"Krileon","copyright":"(C) 2004-2017 www.joomlapolis.com \/ Lightning MultiCom SA - and its licensors, all rights reserved2 License","authorUrl":"http:\/\/www.joomlapolis.com\/","group":""},"created":"2018-06-14T00:00:00+00:00","modified":"2018-06-14T09:33:27+00:00","statusText":"Resolved"},{"id":"625","title":"booking calendar for joomla!","description":"<p>Booking Calendar for Joomla!\u00a0 update to 3.4.0 various security patches.<br \/>Note END OF LIFE https:\/\/www.joomlabookingcalendar.com\/last-update\/ Last known version number 
3.4.0<\/p>","status":"2","created":"2018-05-23T22:05:36+00:00","modified":"2018-05-27T12:55:39+00:00","statusText":"Resolved"},{"id":"624","title":"Nexevo Contact Form, Backdoor","description":"<p>Nexevo Contact Form, Backdoor<\/p>\r\n<p>Resolution: update to 1.0.2<\/p>\r\n<p>Users should also check for the existence of a plugin called System - Section among their installed extensions. It is malware and needs to be removed and the site treated as hacked. Further information here: <a href=\"articles\/2167-nexevo-contact-form\">https:\/\/vel.joomla.org\/articles\/2167-nexevo-contact-form<\/a><\/p>\r\n<p>Update notice: http:\/\/www.nexevo.in\/security-release-announcement.html<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/index.php?option=com_jed&view=extension&layout=default&id=11064","recommendation":"remove","install_data":{"name":"COM_NEXEVOCONTACT","type":"component","creationDate":"12 Nov 2015","author":"Nexevo Technologies","copyright":"Nexevo Technologies","authorUrl":"http:\/\/www.nexevo.in","group":""},"created":"2018-05-11T00:00:00+00:00","modified":"2018-05-22T09:14:23+00:00","statusText":"Resolved"},{"id":"623","title":"Admin Tools Pro, 5.0.2, Information Disclosure","description":"<p>Admin Tools Pro by Akeeba, versions 5.0.2 and previous, Information Disclosure<\/p>\r\n<p>Resolution: update to 5.1.0<\/p>\r\n<p>Update notice: https:\/\/www.akeebabackup.com\/news\/1693-admin-tools-security-bulletin-may-2018.html<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/admin-tools-professional\/","recommendation":"update","vulnerable_version":"5.0.2","patch_version":"5.1.0","update_notice":"https:\/\/www.akeebabackup.com\/news\/1693-admin-tools-security-bulletin-may-2018.html","install_data":{"name":"Admin Tools package","type":"package","creationDate":"2018-02-26","author":"Nicholas K. Dionysopoulos","copyright":"Copyright (c)2010-2018 Akeeba Ltd \/ Nicholas K. 
Dionysopoulos","authorUrl":"","group":""},"created":"2018-05-08T00:00:00+00:00","modified":"2018-05-10T12:49:09+00:00","statusText":"Resolved"},{"id":"620","title":"Gridbox com_gridbox, 2.4.0, Multiple Vulnerabilities","description":"<p>Gridbox com_gridbox from balbooa.com, 2.4.0 and previous versions, multiple vulnerabilities including XSS, SQLi, arbitrary file download, insecure file upload, directory traversal<\/p>\r\n<p>Resolution: update to version 2.4.1.1 (note that previous security release 2.4.1\u00a0 fixed most of the issues but not all of them)<\/p>\r\n<p>Update notice: https:\/\/support.balbooa.com\/forum\/gridbox\/4366-gridbox-2-4-1-1-security-and-bug-fix-update<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/gridbox\/","recommendation":"update","vulnerable_version":"2.4.1","patch_version":"2.4.1.1","update_notice":"https:\/\/support.balbooa.com\/forum\/gridbox\/4366-gridbox-2-4-1-1-security-and-bug-fix-update","install_data":{"name":"Gridbox","type":"package","creationDate":"01 May 2017","author":"Balbooa","copyright":"Balbooa 2017","authorUrl":"http:\/\/balbooa.com","group":""},"created":"2018-04-09T00:00:00+00:00","modified":"2018-04-23T11:29:36+00:00","statusText":"Resolved"},{"id":"622","title":"Convert Forms, 2.0.3, CSV Injection","description":"<p>Convert Forms by Tassos.gr, versions 2.0.3 and previous, CSV Injection<\/p>\r\n<p>resolution: update to 2.0.4<\/p>\r\n<p>update notice: https:\/\/www.tassos.gr\/blog\/convert-forms-2-0-4-security-release<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/convert-forms\/","recommendation":"update","vulnerable_version":"2.0.3","patch_version":"2.0.4","install_data":{"name":"System - Novarain Installer","type":"plugin","creationDate":"October 2015","author":"Novarain (Tassos Marinos)","copyright":"Copyright \u00a9 2015 Novarain All Rights 
Reserved","authorUrl":"http:\/\/www.novarain.com","group":""},"created":"2018-04-12T00:00:00+00:00","modified":"2018-04-12T20:40:29+00:00","statusText":"Resolved"},{"id":"614","title":"Watchfulli SSO Plugin,1.2, Other","description":"<p>Watchfulli SSO Plugin, versions 1.2 and previous, Other<\/p>\r\n<p>Resolution: update to version 1.3<\/p>\r\n<p>update notice: https:\/\/watchful.li\/news-blog\/news\/new-watchful-clients-and-sso-plugin-enhance-encryption<\/p>","status":"2","vulnerable_version":"1.2","patch_version":"1.3","update_notice":"https:\/\/watchful.li\/news-blog\/news\/new-watchful-clients-and-sso-plugin-enhance-encryption","install_data":{"name":"Watchful SSO","type":"package","creationDate":"2018-04-12","author":"Watchful.li","copyright":"","authorUrl":"","group":""},"created":"2018-03-27T00:00:00+00:00","modified":"2018-04-12T20:28:08+00:00","statusText":"Resolved"},{"id":"592","title":"CW Tags, 2.0.8, SQL Injection","description":"<p>CW Tags by CW Joomla, versions 2.0.8 and previous, SQL Injection<\/p>\r\n<p>Note that the VEL do not agree with the developer's assessment of this as a \"low level\" security issue<\/p>\r\n<p>Resolution: update to version 2.1.1<\/p>\r\n<p>Update notice: http:\/\/www.cwjoomla.com\/download-cw-tags<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/search-a-indexing\/tags-a-clouds\/cw-tags\/","cve_id":"CVE-2018-7313","recommendation":"update","vulnerable_version":"2.0.8","patch_version":"2.1.1","update_notice":"http:\/\/www.cwjoomla.com\/download-cw-tags","install_data":{"name":"CW Tags Package","type":"package","creationDate":"February 2018","author":"Ing. Pavel Star\u00fd","copyright":"Copyright (c) 2012 - 2018 Ing. 
Pavel Stary All rights reserved.","authorUrl":"http:\/\/www.cwjoomla.com","group":""},"created":"2018-03-06T00:00:00+00:00","modified":"2018-04-10T10:33:24+00:00","statusText":"Resolved"},{"id":"618","title":"jDownloads,3.2.58, XSS (Cross Site Scripting)","description":"<p>jDownloads, versions 3.2.58 and previous, XSS (Cross Site Scripting)<\/p>\r\n<p>resolution: update to 3.2.59<\/p>\r\n<p>update notice: http:\/\/www.jdownloads.com\/index.php\/news\/264-jdownloads-3-2-59-published.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jdownloads\/","recommendation":"update","vulnerable_version":"3.2.58","patch_version":"3.2.59","update_notice":"http:\/\/www.jdownloads.com\/index.php\/news\/264-jdownloads-3-2-59-published.html","install_data":{"name":"com_jDownloads","type":"component","creationDate":"2018-03-02","author":"Arno Betz","copyright":"(C) 2007-2018 www.jdownloads.com","authorUrl":"http:\/\/www.jdownloads.com","group":""},"created":"2018-04-04T00:00:00+00:00","modified":"2018-04-10T10:25:42+00:00","statusText":"Resolved"},{"id":"617","title":"Rapicode, Multiple Extensions, Back Door","description":"<p>Rapicode, multiple extensions, current versions, back door<\/p>\r\n<p>Extensions affected are:-<\/p>\r\n<ul>\r\n<li>Rapi Content Ticker<\/li>\r\n<li>Rapi Content Carousel<\/li>\r\n<li>Rapi Cookie Consent<\/li>\r\n<li>Rapi Countdown<\/li>\r\n<li>Rapi Preloader<\/li>\r\n<li>Rapi Loading Progress Bar<\/li>\r\n<li>Rapi Page Animate<\/li>\r\n<\/ul>\r\n<p>At the moment the back door seems to be loading mining code, it can be used to load arbitrary scripts or other content from the developer's site.<\/p>\r\n<p>We suggest that the extensions be treated as malicious and uninstalled.<\/p>\r\n<p>Note that their other extensions may be affected too, we have not had the opportunity to test them all. 
If you are using them we suggest checking the code for any curl request to cdn.rapicode.com, or using your browser tools to check for any unexpected scripts being loaded.<\/p>\r\n","status":"1","install_data":{"name":"System - Rapi Preloader","type":"plugin","creationDate":"2017","author":"RapiCode","copyright":"Copyright (C) 2017 All rights reserved.","authorUrl":"","group":""},"created":"2018-03-30T00:00:00+00:00","modified":"2018-04-09T10:16:20+00:00","statusText":"Live"},{"id":"619","title":"Virtuemart 3.2.12 and previous, XSS","description":"<p>Virtuemart, versions 3.2.12 and previous, (XSS) Cross Site Scripting<\/p>\r\n<p>Resolution: update to 3.2.14<\/p>\r\n<p>update notice: http:\/\/virtuemart.net\/news\/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/virtuemart\/","recommendation":"update","vulnerable_version":"3.2.12","patch_version":"3.2.14","update_notice":"http:\/\/virtuemart.net\/news\/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling","install_data":{"name":"VIRTUEMART","type":"component","creationDate":"December 21 2017","author":"The VirtueMart Development Team","copyright":"Copyright (C) 2004-2015 Virtuemart Team. 
All rights reserved.","authorUrl":"https:\/\/virtuemart.net","group":""},"created":"2018-04-06T00:00:00+00:00","modified":"2018-04-06T15:07:39+00:00","statusText":"Resolved"},{"id":"591","title":"PrayerCenter,3.0.2,SQL Injection","description":"<p>PrayerCenter by Mike Leeper (MLWebTechnologies), versions 3.0.2 and previous,SQL Injection<\/p>\r\n<p>resolution: update to 3.0.3<\/p>\r\n<p>update notice: https:\/\/github.com\/MLWebTechnologies\/PrayerCenter<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/religion\/prayercenter\/","cve_id":"CVE-2018-7314","recommendation":"update","vulnerable_version":"3.0.2","patch_version":"3.0.2","update_notice":"update notice: https:\/\/github.com\/MLWebTechnologies\/PrayerCenter","install_data":{"name":"COM_PRAYERCENTER","type":"component","creationDate":"February 2016","author":"Mike Leeper","copyright":"This component in released under the GNU\/GPL License","authorUrl":"http:\/\/www.mlwebtechnologies.com","group":""},"created":"2018-03-06T00:00:00+00:00","modified":"2018-03-30T13:11:19+00:00","statusText":"Resolved"},{"id":"616","title":"JS Jobs,1.2.0,XSS (Cross Site Scripting)","description":"<p>JS Jobs from Joomsky.com, versions 1.2.0 and previous,XSS (Cross Site Scripting)<\/p>\r\n<p>resolution: update to 1.2.1<\/p>\r\n<p>update notice: http:\/\/www.joomsky.com\/products\/js-jobs.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/js-jobs\/","recommendation":"update","vulnerable_version":"1.2.0","patch_version":"1.2.1","update_notice":"http:\/\/www.joomsky.com\/products\/js-jobs.html","install_data":{"name":"COM_JSJOBS","type":"component","creationDate":"Feb 20th, 2018","author":"Joom Sky","copyright":"Copyright (c) 2014. 
All rights reserved.","authorUrl":"","group":""},"created":"2018-03-30T00:00:00+00:00","modified":"2018-03-30T13:10:20+00:00","statusText":"Resolved"},{"id":"611","title":"AcySMS, 3.5.0, CSV Injection","description":"<p>AcySMS by Acyba, versions 3.5.0 and previous, CSV Injection (see <a href=\"articles\/2140-introducing-csv-injection\">https:\/\/vel.joomla.org\/articles\/2140-introducing-csv-injection<\/a> )<\/p>\r\n<p>resolution: update to 3.5.1<\/p>\r\n<p>update notice: https:\/\/www.acyba.com\/acysms\/change-log.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/acysms\/","recommendation":"update","vulnerable_version":"3.5.0","patch_version":"3.5.1","update_notice":"2018-03-27 16:18:34","install_data":{"name":"AcySMS","type":"component","creationDate":"mars 2018","author":"Acyba","copyright":"Copyright (C) 2009-2018 ACYBA SARL - All rights reserved.","authorUrl":"http:\/\/www.acyba.com","group":""},"created":"2018-03-26T00:00:00+00:00","modified":"2018-03-27T16:22:48+00:00","statusText":"Resolved"},{"id":"610","title":"AcyMailing, 5.9.5, CSV Injection","description":"<p>AcyMailing by Acyba, versions 5.9.5 and previous, CSV Injection (see <a href=\"articles\/2140-introducing-csv-injection\">https:\/\/vel.joomla.org\/articles\/2140-introducing-csv-injection<\/a> )<\/p>\r\n<p>Resolution: update to 5.9.6<\/p>\r\n<p>update notice: https:\/\/www.acyba.com\/acymailing\/change-log.html<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/acymailing-starter\/","recommendation":"update","vulnerable_version":"5.9.5","patch_version":"5.9.6","update_notice":"https:\/\/www.acyba.com\/acymailing\/change-log.html","install_data":{"name":"AcyMailing","type":"component","creationDate":"March 2018","author":"Acyba","copyright":"Copyright (C) 2009-2018 ACYBA SAS - All rights 
reserved.","authorUrl":"http:\/\/www.acyba.com","group":""},"created":"2018-03-22T00:00:00+00:00","modified":"2018-03-27T16:15:55+00:00","statusText":"Resolved"},{"id":"602","title":"Attachments, 3.2.5, SQL Injection","description":"<p>Attachments from jimcameron.net, versions 3.2.5 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 3.2.6<\/p>\r\n<p>update notice: http:\/\/jmcameron.net\/attachments\/<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/directory-a-documentation\/downloads\/attachments\/","recommendation":"update","vulnerable_version":"3.2.5","patch_version":"3.2.6","update_notice":"http:\/\/jmcameron.net\/attachments\/","install_data":{"name":"pkg_attachments","type":"package","creationDate":"April 30, 2017","author":"Jonathan M. Cameron","copyright":"(C) 2007-2017 Jonathan M. Cameron. All rights reserved.","authorUrl":"http:\/\/joomlacode.org\/gf\/project\/attachments\/","group":""},"created":"2018-03-13T00:00:00+00:00","modified":"2018-03-27T09:56:11+00:00","statusText":"Resolved"},{"id":"589","title":"Ek rishta, 2.9, SQL Injection","description":"<p>Ek rishta by Harmis Technology, versions 2.9 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to 2.10<\/p>\r\n<p>update notice: https:\/\/joomlaextensions.co.in\/extensions\/other-extensions\/product\/Ek-Rishta<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/dating-a-relationships\/ek-rishta\/","cve_id":"CVE-2018-7315","recommendation":"update","vulnerable_version":"2.9","patch_version":"2.10","update_notice":"https:\/\/joomlaextensions.co.in\/extensions\/other-extensions\/product\/Ek-Rishta","install_data":{"name":"Ekrishta","type":"component","creationDate":"28\/12\/2012","author":"Hardik Mistry","copyright":"Copyright (C) 2009 - 2011 Open Source Matters. 
All rights reserved.","authorUrl":"www.joomlaextensions.co.in","group":""},"created":"2018-03-06T00:00:00+00:00","modified":"2018-03-23T19:24:28+00:00","statusText":"Resolved"},{"id":"609","title":"CP Event Calendar, 3.0.2, SQL Injection","description":"<p>CP Event Calendar from\u00a0joomlacalendars.com, versions 3.0.2 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 3.0.3<\/p>\r\n<p>update notice: http:\/\/www.joomlacalendars.com\/updates\/cp-event-calendar-3.0.3<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/calendars-a-events\/events\/cp-event-calendar\/","cve_id":"CVE-2018-6398","recommendation":"update","vulnerable_version":"3.0.2","patch_version":"3.0.3","update_notice":"http:\/\/www.joomlacalendars.com\/updates\/cp-event-calendar-3.0.3","install_data":{"name":"CP Event Calendar","type":"component","creationDate":"2011-02-10","author":"CodePeople","copyright":"(c) 2011 CodePeople LLC - www.codepeople.net","authorUrl":"www.joomlacalendars.com","group":""},"created":"2018-03-22T00:00:00+00:00","modified":"2018-03-22T00:49:17+00:00","statusText":"Resolved"},{"id":"606","title":"Visual Calendar, 3.1.5, SQL Injection","description":"<p>Visual Calendar by Joomcalendars.com, versions 3.1.5 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 3.1.6<\/p>\r\n<p>update notice: http:\/\/www.joomlacalendars.com\/updates\/visual-calendar3.1.6<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/calendars-a-events\/events\/visual-calendar\/","cve_id":"CVE-2018-6395","recommendation":"update","vulnerable_version":"3.1.5","patch_version":"3.1.6","update_notice":"http:\/\/www.joomlacalendars.com\/updates\/visual-calendar3.1.6","install_data":{"name":"Visualcalendar","type":"component","creationDate":"2011-09-13","author":"CodePeople","copyright":"(c) 2011 CodePeople LLC - 
www.codepeople.net","authorUrl":"www.joomlacalendars.com","group":""},"created":"2018-03-20T00:00:00+00:00","modified":"2018-03-20T11:55:46+00:00","statusText":"Resolved"},{"id":"604","title":"Google Map Landkarten,4.2.3,SQL Injection","description":"<p>Google Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/maps-a-weather\/maps-a-locations\/google-map-landkarten\/","cve_id":"CVE-2018-6396","install_data":{"name":"COM_GMAP","type":"component","creationDate":"Sep-2016","author":"Andy Thielke","copyright":"Copyright (C)2016 Andy Thielke","authorUrl":"http:\/\/www.joomla-24.de","group":""},"created":"2018-03-15T00:00:00+00:00","modified":"2018-03-15T17:49:58+00:00","statusText":"Live"},{"id":"603","title":"Kunena,3.x - 5.0.13, Other","description":"<p>Kunena, 3.x - 5.0.13, Other - Normal user can take ownership from any user<\/p>\r\n<p>resolution: update to 5.0.14<\/p>\r\n<p>update notice: https:\/\/www.kunena.org\/blog\/191-kunena-5-0-14-released<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/communication\/forum\/kunena\/","recommendation":"update","start_version":"3.x","vulnerable_version":"5.0.13","patch_version":"5.0.14","update_notice":"https:\/\/www.kunena.org\/blog\/191-kunena-5-0-14-released","install_data":{"name":"Kunena Forum Package","type":"package","creationDate":"2018-03-14","author":"Kunena Team","copyright":"(C) 2008 - 2018 Kunena Team. 
All rights reserved.","authorUrl":"https:\/\/www.kunena.org","group":""},"created":"2018-03-14T00:00:00+00:00","modified":"2018-03-14T13:25:26+00:00","statusText":"Resolved"},{"id":"600","title":"DT Register,3.2.7,SQL Injection","description":"<p>DT Register by DTH Development, versions 3.2.7 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 3.2.8<\/p>\r\n<p>update notice: https:\/\/www.dthdevelopment.com\/dth-news\/dt-register-328-security-update<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/calendars-a-events\/events\/dt-register\/","cve_id":"CVE-2018-6584","recommendation":"update","vulnerable_version":"3.2.7","patch_version":"3.2.8","update_notice":"https:\/\/www.dthdevelopment.com\/dth-news\/dt-register-328-security-update","install_data":{"name":"DT Register","type":"package","creationDate":"Mar 12, 2018","author":"DTH Development","copyright":"DTH Development - All rights reserved.","authorUrl":"http:\/\/www.dthdevelopment.com","group":""},"created":"2018-03-08T00:00:00+00:00","modified":"2018-03-13T18:54:19+00:00","statusText":"Resolved"},{"id":"601","title":"JomEstate, 3.7, SQL Injection","description":"<p>JomEstate from comdev.eu, versions 3.7 and previous, SQL Injection<\/p>\r\n<p>resolution: resolved in version 3.8, current release is 4.1<\/p>\r\n<p>update notice: none<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/real-estate\/jomestate-pro\/","cve_id":"CVE-2018-6368","recommendation":"update ","vulnerable_version":"3.7","patch_version":"3.8","install_data":{"name":"JomEstate Package","type":"package","creationDate":"February 2018","author":"Comdev","copyright":"","authorUrl":"","group":""},"created":"2018-03-09T00:00:00+00:00","modified":"2018-03-09T16:31:02+00:00","statusText":"Resolved"},{"id":"599","title":"Fastball, SQL Injection","description":"<p>Fastball by Fastball Productions, versions yet to be determined but probably all, SQL 
Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/fastball\/","cve_id":"CVE-2018-6373","created":"2018-03-08T00:00:00+00:00","modified":"2018-03-08T11:27:24+00:00","statusText":"Live"},{"id":"598","title":"File Download Tracker,3.0,SQL Injection","description":"<p>File Download Tracker by techsolsystem.com, 3.0, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/directory-a-documentation\/downloads\/file-download-tracker\/","cve_id":"CVE-2018-6004","created":"2018-03-07T00:00:00+00:00","modified":"2018-03-07T23:42:47+00:00","statusText":"Live"},{"id":"595","title":"JQuickContact, 1.3.2.3, SQL Injection","description":"<p>JQuickContact by Wassim Jied, versions 1.3.2.3 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 1.3.2.4<\/p>\r\n<p>update notice: http:\/\/coderspirit.blogspot.com\/2011\/07\/jquickcontact.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/contacts-and-feedback\/contact-forms\/jquickcontact\/","cve_id":"CVE-2018-5983","recommendation":"update","vulnerable_version":"1.3.2.3","patch_version":"1.3.2.4","update_notice":"http:\/\/coderspirit.blogspot.com\/2011\/07\/jquickcontact.html","install_data":{"name":"jquickcontact","type":"component","creationDate":"02\/26\/2018","author":"Wassim JIED","copyright":"","authorUrl":"http:\/\/coderspirit.blogspot.com","group":""},"created":"2018-03-07T00:00:00+00:00","modified":"2018-03-07T22:57:45+00:00","statusText":"Resolved"},{"id":"593","title":"SquadManagement,1.0.3,SQL Injection","description":"<p>SquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/sports-a-games\/sports\/squadmanagement\/","cve_id":"CVE-2018-7179","install_data":{"name":"Squad Management!","type":"component","creationDate":"12.04.2015","author":"Lars Hildebrandt","copyright":"2013-2015 Lars 
Hildebrandt","authorUrl":"http:\/\/joomla.larshildebrandt.de","group":""},"created":"2018-03-07T00:00:00+00:00","modified":"2018-03-07T11:05:51+00:00","statusText":"Live"},{"id":"590","title":"Checklist by Joomplace, 1.1.1.003, SQL Injection","description":"<p>Checklist by Joomplace, versions 1.1.1.003 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 1.1.1.004<\/p>\r\n<p>Update notice: https:\/\/www.joomplace.com\/blog\/security-update-for-checklist.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/personal-life\/checklist\/","cve_id":"CVE-2018-7318","recommendation":"update","vulnerable_version":"1.1.1.003","patch_version":"1.1.1.004","update_notice":"https:\/\/www.joomplace.com\/blog\/security-update-for-checklist.html","install_data":{"name":"Joomla Checklist Package","type":"package","creationDate":"Sept 2017","author":"Joomplace Team","copyright":"(C) JoomPlace, www.joomplace.com","authorUrl":"www.joomplace.com","group":""},"created":"2018-03-06T00:00:00+00:00","modified":"2018-03-06T17:15:06+00:00","statusText":"Resolved"},{"id":"587","title":"NeoRecruit, 4.2.1, SQL Injection","description":"<p>NeoRecruit by NeoJoomla, versions 4.2.1 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 4.2.2<\/p>\r\n<p>update notice: http:\/\/www.neojoomla.com\/index.php?option=com_content&task=view&id=275&Itemid=2<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/neorecruit\/","cve_id":"CVE-2018-6370","recommendation":"update","vulnerable_version":"4.2.1","patch_version":"4.2.2","update_notice":"http:\/\/www.neojoomla.com\/index.php?option=com_content&task=view&id=275&Itemid=2","install_data":{"name":"com_neorecruit","type":"component","creationDate":"March 2018","author":"NeoJoomla","copyright":"Copyright (C) 2018 
NeoJoomla","authorUrl":"www.neojoomla.com","group":""},"created":"2018-03-05T00:00:00+00:00","modified":"2018-03-05T23:42:47+00:00","statusText":"Resolved"},{"id":"582","title":"Alexandria Book Library, 3.1.3, SQL Injection","description":"<p>Alexandria Book Library by Federica Ugolotti, versions 3.1.3 and previous, SQL Injection<\/p>\r\n<p>note that security release 3.1.3 does not fully fix the issue<\/p>\r\n<p>resolution: update to 3.1.4<\/p>\r\n<p>update notice: alexandriabooklibrary.org\/en\/downloads\/18-components.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/education-a-culture\/alexandria-book-library\/","cve_id":"CVE-2018-7312","recommendation":"update","vulnerable_version":"3.1.3","patch_version":"3.1.4","update_notice":"alexandriabooklibrary.org\/en\/downloads\/18-components.html","install_data":{"name":"com_abook","type":"component","creationDate":"2018-02-22","author":"Ugolotti Federica","copyright":"Copyright Ugolotti Federica","authorUrl":"http:\/\/www.alexandriabooklibrary.org","group":""},"created":"2018-03-04T00:00:00+00:00","modified":"2018-03-05T23:29:46+00:00","statusText":"Resolved"},{"id":"585","title":"JMS Music,1.1.1,SQL Injection","description":"<p>JMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/multimedia\/multimedia-players\/jms-music\/","created":"2018-03-05T00:00:00+00:00","modified":"2018-03-05T10:09:49+00:00","statusText":"Live"},{"id":"584","title":"JGive, 2.0.9, SQL Injection","description":"<p>JGive by Techjoomla.com, versions 2.0.9 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 2.0.11<\/p>\r\n<p>update notice: 
https:\/\/techjoomla.com\/blog\/jgive\/release-updates-for-jticketing-jboloand-invitex<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/e-commerce\/donations\/jgive\/","cve_id":"CVE-2018-5970","recommendation":"update","vulnerable_version":"2.0.9","patch_version":"2.0.11","update_notice":"https:\/\/techjoomla.com\/blog\/jgive\/release-updates-for-jticketing-jboloand-invitex","install_data":{"name":"JGive Package","type":"package","creationDate":"26th February 2018","author":"Techjoomla","copyright":"Copyright(C)2012-18 TechJoomla","authorUrl":"www.techjoomla.com","group":""},"created":"2018-03-05T00:00:00+00:00","modified":"2018-03-05T09:39:37+00:00","statusText":"Resolved"},{"id":"583","title":"Form Maker, 3.6.14, SQL Injection","description":"<p>Form Maker by Web Dorado, Versions 3.6.14 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 3.6.15 (note that previous security release did not completely fix the issue)<\/p>\r\n<p>update notice: https:\/\/web-dorado.com\/products\/joomla-form.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/contacts-and-feedback\/forms\/form-maker\/","cve_id":"CVE-2018-5991","recommendation":"update","vulnerable_version":"3.6.14","patch_version":"3.6.15","update_notice":"https:\/\/web-dorado.com\/products\/joomla-form.html","install_data":{"name":"Form Maker","type":"package","creationDate":"September 2011","author":"Web Dorado","copyright":"Copyright (C) 2016 Web-Dorado.com All rights reserved.","authorUrl":"http:\/\/web-dorado.com\/","group":""},"created":"2018-03-04T00:00:00+00:00","modified":"2018-03-04T21:21:29+00:00","statusText":"Resolved"},{"id":"581","title":"Invitex, 3.0.5, SQL Injection","description":"<p>Invitex by techjoomla.com, versions 3.0.5 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 3.0.6<\/p>\r\n<p>update notice: 
https:\/\/techjoomla.com\/blog\/jgive\/release-updates-for-jticketing-jboloand-invitex<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/content-sharing\/bookmark-a-recommend\/invitex\/","cve_id":"CVE-2018-6394","recommendation":"update","vulnerable_version":"3.0.5","patch_version":"3.0.6","update_notice":"https:\/\/techjoomla.com\/blog\/jgive\/release-updates-for-jticketing-jboloand-invitex","install_data":{"name":"InviteX","type":"component","creationDate":"26th Feb 2018","author":"TechJoomla","copyright":"Copyright(C)2012-17 TechJoomla","authorUrl":"www.techjoomla.com","group":""},"created":"2018-03-03T00:00:00+00:00","modified":"2018-03-03T15:22:07+00:00","statusText":"Resolved"},{"id":"579","title":"Jticketing, 2.0.16, SQL Injection","description":"<p>Jticketing by techjoomla.com, versions 2.0.16 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 2.0.18<\/p>\r\n<p>update notice: https:\/\/techjoomla.com\/blog\/jgive\/release-updates-for-jticketing-jboloand-invitex<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/calendars-a-events\/events\/jticketing\/","cve_id":"CVE-2018-6585","recommendation":"update","vulnerable_version":"2.0.16","patch_version":"2.0.18","update_notice":"https:\/\/techjoomla.com\/blog\/jgive\/release-updates-for-jticketing-jboloand-invitex","install_data":{"name":"JTicketing Package","type":"package","creationDate":"22nd Feb 2018","author":"Techjoomla","copyright":"Copyright(C)2012-16 TechJoomla","authorUrl":"www.techjoomla.com","group":""},"created":"2018-03-03T00:00:00+00:00","modified":"2018-03-03T15:18:27+00:00","statusText":"Resolved"},{"id":"578","title":"JS Autoz ,1.0.9,SQL Injection","description":"<p>JS Autoz by Joomsky.com, 1.0.9 and previous, SQL 
Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/vehicles\/js-autoz\/","cve_id":"CVE-2018-6006","install_data":{"name":"COM_JSAUTOZ","type":"component","creationDate":"May 05th, 2017","author":"Joom Sky","copyright":"Copyright (c) 2014. All rights reserved.","authorUrl":"","group":""},"created":"2018-03-03T00:00:00+00:00","modified":"2018-03-03T13:15:50+00:00","statusText":"Live"},{"id":"577","title":"Gallery WD, 1.3.9, SQL Injection","description":"<p>Gallery WD by Web Dorado, versions 1.3.9 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 1.3.10<\/p>\r\n<p>update notice: https:\/\/web-dorado.com\/products\/joomla-gallery.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/gallery-wd\/","cve_id":"CVE-2018-5981","vulnerable_version":"1.3.9","patch_version":"1.3.10","update_notice":"https:\/\/web-dorado.com\/products\/joomla-gallery.html","install_data":{"name":"Gallery WD","type":"package","creationDate":"April 2014","author":"Web-Dorado","copyright":"Copyright (C) 2014 Web-Dorado.com. 
All rights reserved.","authorUrl":"http:\/\/www.web-dorado.com","group":""},"created":"2018-03-02T00:00:00+00:00","modified":"2018-03-02T17:40:30+00:00","statusText":"Resolved"},{"id":"575","title":"Realpin,1.5.04,SQL Injection","description":"<p>Realpin by Marcel T\u00f6rpe, versions 1.5.04 and previous, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/multimedia\/multimedia-display\/realpin\/","cve_id":"CVE-2018-6005","install_data":{"name":"RealPin","type":"component","creationDate":"October 2017","author":"Marcel Toerpe","copyright":"All rights reserved","authorUrl":"http:\/\/frumania.com","group":""},"created":"2018-03-01T00:00:00+00:00","modified":"2018-03-01T12:10:27+00:00","statusText":"Live"},{"id":"574","title":"OS Property, 3.12.8, SQL Injection","description":"<p>OS Property from Joomdonation.com, 3.12.8 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 3.12.9 (note that previous security release 3.12.8 did not completely fix the issue)<\/p>\r\n<p>update notice: https:\/\/www.joomdonation.com\/forum\/os-property\/61368-os-property-3-12-9-released-security-issue-fixed.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/real-estate\/os-property\/","cve_id":"CVE-2018-7319","recommendation":"update","vulnerable_version":"3.12.8","patch_version":"3.12.9","update_notice":"https:\/\/www.joomdonation.com\/forum\/os-property\/61368-os-property-3-12-9-released-security-issue-fixed.html","install_data":{"name":"OS Property Package","type":"package","creationDate":"September 2011","author":"Dang Thuc Dam","copyright":"Copyright (C) 2012 - 2018 Ossolution Team","authorUrl":"http:\/\/www.joomdonation.com","group":""},"created":"2018-02-28T00:00:00+00:00","modified":"2018-02-28T13:17:00+00:00","statusText":"Resolved"},{"id":"572","title":"Joomla! Pinterest Clone Social Pinboard,2.0,SQL Injection","description":"<p>Joomla! 
Pinterest Clone Social Pinboard from apptha.com, 2.0, multiple SQL Injection vulnerabilities<\/p>","status":"1","cve_id":"CVE-2018-5987","created":"2018-02-28T00:00:00+00:00","modified":"2018-02-28T12:39:29+00:00","statusText":"Live"},{"id":"569","title":"Proclaim, 9.1.1, Arbitrary File Upload","description":"<p>Proclaim from Christian Web Ministries (installs as com_biblestudy), versions 9.1.1 and previous, arbitrary file upload, also backup file download<\/p>\r\n<p>resolution: update to 9.1.2 fixes both issues<\/p>\r\n<p>update notice: <a href=\"https:\/\/github.com\/Joomla-Bible-Study\/Joomla-Bible-Study\/releases\">https:\/\/github.com\/Joomla-Bible-Study\/Joomla-Bible-Study\/releases<\/a><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/religion\/proclaim\/","cve_id":"CVE-2018-7316, CVE-2018-7317","recommendation":"update","vulnerable_version":"9.1.1","patch_version":"9.1.2","update_notice":"https:\/\/github.com\/Joomla-Bible-Study\/Joomla-Bible-Study\/releases","install_data":{"name":"Package Proclaim","type":"package","creationDate":"Jan 25, 2018","author":"CWM Team","copyright":"(C) 2007 - 2018 Proclaim All rights reserved.","authorUrl":"https:\/\/www.christianwebministries.org","group":""},"created":"2018-02-27T00:00:00+00:00","modified":"2018-02-27T12:42:35+00:00","statusText":"Resolved"},{"id":"568","title":"Kubik-Rubik Simple Image Gallery Extended (SIGE),3.2.3,XSS (Cross Site Scripting)","description":"<p>Kubik-Rubik Simple Image Gallery Extended (SIGE), versions 3.2.3 and previous, XSS (Cross Site Scripting)<\/p>\r\n<p>resolution: update to 3.2.4 (latest release is 3.3.0)<\/p>\r\n<p>update notice: https:\/\/joomla-extensions.kubik-rubik.de\/sige-simple-image-gallery-extended#changelog<\/p>\r\n<p class=\"western\" style=\"margin-bottom: 0cm;\"><span style=\"font-family: Alps, sans-serif;\">Note that the developer did not inform the VEL<br 
\/><\/span><\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/sige\/","cve_id":"CVE-2017-16356","recommendation":"update","vulnerable_version":"3.2.3","patch_version":"3.2.4","update_notice":"https:\/\/joomla-extensions.kubik-rubik.de\/sige-simple-image-gallery-extended#changelog","install_data":{"name":"PLG_SIGE","type":"plugin","creationDate":"2018-01-19","author":"Viktor Vogel","copyright":"Copyright 2018 Viktor Vogel. All rights reserved.","authorUrl":"https:\/\/joomla-extensions.kubik-rubik.de\/","group":""},"created":"2018-02-26T00:00:00+00:00","modified":"2018-02-27T01:32:18+00:00","statusText":"Resolved"},{"id":"565","title":"Saxum Picker, 3.2.10, SQL Injection","description":"<p>Saxum Picker, versions 3.2.10 and previous, SQL Injection<\/p>","status":"1","cve_id":"CVE-2018-7178","install_data":{"name":"com_saxumpicker","type":"component","creationDate":"2016-11-26","author":"Laszlo Szabo","copyright":"Copyright 2010, Saxum 2003 Bt.","authorUrl":"http:\/\/saxum2003.hu","group":""},"created":"2018-02-26T00:00:00+00:00","modified":"2018-02-26T13:21:39+00:00","statusText":"Live"},{"id":"566","title":"Saxum Numerology, 3.0.4, SQL Injection","description":"<p>Saxum Numerology, versions 3.0.4 and previous, SQL Injection<\/p>","status":"1","cve_id":"CVE-2018-7177","install_data":{"name":"com_saxumnumerology","type":"component","creationDate":"2016-11-26","author":"Laszlo Szabo","copyright":"Copyright 2011, Saxum 2003 Bt.","authorUrl":"http:\/\/saxum2003.hu","group":""},"created":"2018-02-26T00:00:00+00:00","modified":"2018-02-26T13:20:13+00:00","statusText":"Live"},{"id":"567","title":"Saxum Astro, 4.0.14, SQL Injection","description":"<p>Saxum Astro, versions 4.0.14 and previous, SQL Injection<\/p>","status":"1","cve_id":"CVE-2018-7180","install_data":{"name":"com_saxumastro","type":"component","creationDate":"2016-12-04","author":"Laszlo Szabo","copyright":"Copyright 2010, Saxum 2003 
Bt.","authorUrl":"http:\/\/saxum2003.hu","group":""},"created":"2018-02-26T00:00:00+00:00","modified":"2018-02-26T13:19:14+00:00","statusText":"Live"},{"id":"552","title":"Jimtawl, 2.2.6, Arbitrary File Upload","description":"<p>Jimtawl from janguo.de, 2.2.6, arbitrary file upload<\/p>\r\n<p>Resolution: update to 2.2.7<\/p>\r\n<p>Update notice: http:\/\/janguo.de\/lang-de\/joomla-25-higher\/jimtawl.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/multimedia\/streaming-a-broadcasting\/jimtawl\/","recommendation":"update","vulnerable_version":"2.2.6","patch_version":"2.2.7","update_notice":"http:\/\/janguo.de\/lang-de\/joomla-25-higher\/jimtawl.html","install_data":{"name":"Jimtawl","type":"package","creationDate":"2012-08-19","author":"Unknown","copyright":"","authorUrl":"","group":""},"created":"2018-02-20T00:00:00+00:00","modified":"2018-02-26T11:48:05+00:00","statusText":"Resolved"},{"id":"563","title":"Smart Shoutbox, 2.9.5, SQL Injection","description":"<p>Smart Shoutbox by thekrotek.com, version 2.9.5 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 3.0.0, (version released July 2017)<\/p>\r\n<p>update notice: so far the developer has not made an update notice making clear that this was a security release<\/p>\r\n<p>The developer says \"Version 3.0 is an absolutely new release, I reworked it completely, and this issue has gone by itself.\"<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/smart-shoutbox\/","cve_id":"CVE-2018-5975","recommendation":"update","vulnerable_version":"2.9.5","patch_version":"3.0.0","created":"2018-02-23T00:00:00+00:00","modified":"2018-02-23T19:02:34+00:00","statusText":"Resolved"},{"id":"562","title":"JSP Store Locator, 2.4, SQL Injection","description":"<p>JSP Store Locator by Joomla Service Provider, versions 2.4 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to 2.5<\/p>\r\n<p>update notice: 
http:\/\/www.joomlaserviceprovider.com\/jspblog\/jsp-store-locator-2-5-security-release.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jsplocation\/","recommendation":"update","vulnerable_version":"2.4","patch_version":"2.5","update_notice":"http:\/\/www.joomlaserviceprovider.com\/jspblog\/jsp-store-locator-2-5-security-release.html","install_data":{"name":"JSP Location","type":"component","creationDate":"2018-02-23","author":"Ajay Lulia","copyright":"This component is released under the GNU\/GPL License","authorUrl":"www.joomlaserviceprovider.com","group":""},"created":"2018-02-23T00:00:00+00:00","modified":"2018-02-23T18:49:14+00:00","statusText":"Resolved"},{"id":"559","title":"Solidres, 2.5.0, SQL Injection","description":"<p>Solidres, 2.5.0 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to 2.5.1<\/p>\r\n<p>Update notice: https:\/\/www.solidres.com\/download\/show-all-downloads\/solidres\/solidres-2-5-1<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/solidres\/","cve_id":"CVE-2018-5980","recommendation":"update","vulnerable_version":"2.5.0","patch_version":"2.5.1","update_notice":"https:\/\/www.solidres.com\/download\/show-all-downloads\/solidres\/solidres-2-5-1","install_data":{"name":"Solidres Full Package","type":"package","creationDate":"Dec 2017","author":"Solidres Team","copyright":"Copyright (C) 2013 - 2017 Solidres. All rights reserved.","authorUrl":"http:\/\/www.solidres.com","group":""},"created":"2018-02-23T00:00:00+00:00","modified":"2018-02-23T18:39:06+00:00","statusText":"Resolved"},{"id":"561","title":"Timetable Responsive Schedule, 1.6, SQL injection","description":"<p>Timetable Responsive Schedule For Joomla by QuanticaLabs, versions 1.6. 
and previous, SQL injection<\/p>\r\n<p>Resolution: update to 1.7<\/p>\r\n<p>update notice: https:\/\/codecanyon.net\/item\/timetable-responsive-schedule-for-joomla\/9749539#item-description__updates<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/timetable-responsive-schedule-for-joomla\/","cve_id":"CVE-2018-6583","recommendation":"update","vulnerable_version":"1.6","patch_version":"1.7","update_notice":"https:\/\/codecanyon.net\/item\/timetable-responsive-schedule-for-joomla\/9749539#item-description__updates","install_data":{"name":"COM_TIMETABLE","type":"component","creationDate":"December 2014","author":"QuanticaLabs","copyright":"","authorUrl":"http:\/\/codecanyon.net\/user\/QuanticaLabs\/portfolio?ref=QuanticaLabs","group":""},"created":"2018-02-23T00:00:00+00:00","modified":"2018-02-23T18:38:25+00:00","statusText":"Resolved"},{"id":"558","title":"JSP Tickets, 1.1, SQL Injection","description":"<p>JSP Tickets from Joomla Service Provider, versions 1.1 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to version 1.2.0<\/p>\r\n<p>Update notice: http:\/\/www.joomlaserviceprovider.com\/jspblog\/jsp-tickets-1-2-security-release.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/clients-a-communities\/help-desk\/jsp-tickets\/","cve_id":"CVE-2018-6609","recommendation":"update","vulnerable_version":"1.1.0","patch_version":"1.2.0","update_notice":"http:\/\/www.joomlaserviceprovider.com\/jspblog\/jsp-tickets-1-2-security-release.html","install_data":{"name":"JSP Tickets","type":"component","creationDate":"2018-02-22","author":"Ajay Lulia","copyright":"This component is released under the GNU\/GPL License","authorUrl":"www.joomlaserviceprovider.com","group":""},"created":"2018-02-22T00:00:00+00:00","modified":"2018-02-22T13:04:51+00:00","statusText":"Resolved"},{"id":"557","title":"Zh BaiduMap, 3.0.0.1, SQL Injection","description":"<p>Zh BaiduMap by zhuk.cc, versions 3.0.0.1 and previous, SQL 
Injection<\/p>\r\n<p>resolution: update to 3.0.1.0<\/p>\r\n<p>update notice: http:\/\/zhuk.cc\/2018\/02\/21\/zh-baidumap-security-update\/<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/maps-a-weather\/maps-a-locations\/zh-baidumap\/","cve_id":"CVE-2018-6605","recommendation":"update","vulnerable_version":"3.0.0.1","patch_version":"3.0.1.0","update_notice":"http:\/\/zhuk.cc\/2018\/02\/21\/zh-baidumap-security-update\/","install_data":{"name":"PKG_ZHBAIDUMAP","type":"package","creationDate":"Mar 2016","author":"Zhuk Dmitry","copyright":"Copyright","authorUrl":"http:\/\/zhuk.cc","group":""},"created":"2018-02-21T00:00:00+00:00","modified":"2018-02-21T12:58:08+00:00","statusText":"Resolved"},{"id":"553","title":"ZH GoogleMap, 8.4.0.0, SQL Injection","description":"<p>ZH GoogleMap from zhuk.cc, versions 8.4.0.0 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to 8.4.1.0<\/p>\r\n<p>Update notice: http:\/\/zhuk.cc\/2018\/02\/21\/zh-googlemap-security-update-2\/<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/maps-a-weather\/maps-a-locations\/zh-googlemap\/","cve_id":"CVE-2018-6582","recommendation":"update","vulnerable_version":"8.4.0.0","patch_version":"8.4.1.0","update_notice":"http:\/\/zhuk.cc\/2018\/02\/21\/zh-googlemap-security-update-2\/","install_data":{"name":"PKG_ZHGOOGLEMAP","type":"package","creationDate":"Mar 2016","author":"Zhuk Dmitry","copyright":"Copyright","authorUrl":"http:\/\/zhuk.cc","group":""},"created":"2018-02-21T00:00:00+00:00","modified":"2018-02-21T12:34:25+00:00","statusText":"Resolved"},{"id":"555","title":"ZH Yandex Map, 6.2.1.0, SQL Injection","description":"<p>ZH Yandex Map from zhuk.cc, versions 6.2.1.0 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to version 6.3.1.0<\/p>\r\n<p>Update notice: 
http:\/\/zhuk.cc\/2018\/02\/21\/zh-yandexmap-security-update-2\/<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/maps-a-weather\/maps-a-locations\/zh-yandexmap\/","cve_id":"CVE-2018-6604","recommendation":"update","vulnerable_version":"6.2.1.0","patch_version":"6.3.1.0","update_notice":"http:\/\/zhuk.cc\/2018\/02\/21\/zh-yandexmap-security-update-2\/","install_data":{"name":"PKG_ZHYANDEXMAP","type":"package","creationDate":"Mar 2016","author":"Zhuk Dmitry","copyright":"Copyright","authorUrl":"http:\/\/zhuk.cc","group":""},"created":"2018-02-21T00:00:00+00:00","modified":"2018-02-21T12:33:25+00:00","statusText":"Resolved"},{"id":"551","title":"JS Jobs, 1.1.9, SQL Injection","description":"<p>JS Jobs by Joomsky, versions 1.1.9 and previous, SQL injection<\/p>\r\n<p>resolution: update to version 1.2.0<\/p>\r\n<p>update notice: http:\/\/www.joomsky.com\/products\/js-jobs.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/js-jobs\/","recommendation":"update","vulnerable_version":"1.1.9","patch_version":"1.2.0","update_notice":"http:\/\/www.joomsky.com\/products\/js-jobs.html","install_data":{"name":"COM_JSJOBS","type":"component","creationDate":"Feb 20th, 2018","author":"Joom Sky","copyright":"Copyright (c) 2014. All rights reserved.","authorUrl":"","group":""},"created":"2018-02-20T00:00:00+00:00","modified":"2018-02-20T11:23:44+00:00","statusText":"Resolved"},{"id":"549","title":" ccNewsletter 2.2.3 security release","description":"<p>there is a SQL injection issue in ccNewsletter. 
I advise everyone using a ccNewsletter version before 2.2.2 to upgrade!\u00a0<\/p>\r\n<p>You can download ccNewsletter 2.2.3 from our <a title=\"Download ccNewsletter\" href=\"https:\/\/www.chillcreations.com\/downloads\/ccnewsletter\">downloads section here<\/a>.\u00a0<br \/><br \/><\/p>\r\n<p>https:\/\/www.chillcreations.com\/downloads\/ccnewsletter#reltabs-145-notes<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/ccnewsletter\/","recommendation":"update","vulnerable_version":"2.2.2","patch_version":"2.2.3","update_notice":"https:\/\/www.chillcreations.com\/downloads\/ccnewsletter#reltabs-145-notes","install_data":{"name":"ccNewsletter","type":"component","creationDate":"2018-02-19","author":"Chill Creations","copyright":"Copyright 2008 (c) Chill Creations","authorUrl":"http:\/\/www.chillcreations.com","group":""},"created":"2018-02-19T00:00:00+00:00","modified":"2018-02-19T20:09:38+00:00","statusText":"Resolved"},{"id":"545","title":"JS Support Ticket 1.1.0, ,XSS (Cross Site Scripting)","description":"<p>JS Support Ticket 1.1.0, ,XSS (Cross Site Scripting)<\/p>\r\n<p>\u00a0<\/p>\r\n<p>\u00a0<\/p>\r\n<p>UpdateNotice URL\u00a0 1.1.1<\/p>\r\n<p>http:\/\/www.joomsky.com\/products\/js-ticket-joomla.html<\/p>\r\n","status":"2","start_version":"1.1.0","vulnerable_version":"1.1.0","patch_version":"1.1.1","update_notice":"http:\/\/www.joomsky.com\/products\/js-ticket-joomla.html","created":"2018-02-08T00:00:00+00:00","modified":"2018-02-09T20:59:36+00:00","statusText":"Resolved"},{"id":"544","title":"JCE Editor,2.6.25, XSS (Cross Site Scripting)","description":"<p>JCE Editor Pro, Version 2.6.25 only, XSS (Cross Site Scripting)<\/p>\r\n<p>Resolution: update to 2.6.26<\/p>\r\n<p>Update notice: <a 
href=\"https:\/\/www.joomlacontenteditor.net\/news\/jce-pro-2-6-26-released\">https:\/\/www.joomlacontenteditor.net\/news\/jce-pro-2-6-26-released<\/a><\/p>\r\n<p>\u00a0<\/p>\r\n","status":"2","recommendation":"update","start_version":"2.6.25","vulnerable_version":"2.6.25","patch_version":"2.6.26","update_notice":"https:\/\/www.joomlacontenteditor.net\/news\/jce-pro-2-6-26-released","install_data":{"name":"COM_JCE","type":"component","creationDate":"31-01-2018","author":"Ryan Demmer","copyright":"Copyright (C) 2006 - 2018 Ryan Demmer. All rights reserved","authorUrl":"www.joomlacontenteditor.net","group":""},"created":"2018-01-31T00:00:00+00:00","modified":"2018-02-06T11:29:16+00:00","statusText":"Resolved"},{"id":"529","title":"Next Gen Editor,2.1.0,SQL Injection","description":"<p>Next Gen Editor, 2.1.0, SQL Injection and multiple other vulnerabilities<\/p>\r\n<p>resolution: update to version 2.2.0<\/p>\r\n<p>update notice: http:\/\/nextgeneditor.com\/index.php\/en\/support\/forum\/installation-issues\/3957-new-security-release<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/nextgen-editor\/","recommendation":"update","vulnerable_version":"2.1.0","patch_version":"2.2.0","update_notice":"http:\/\/nextgeneditor.com\/index.php\/en\/support\/forum\/installation-issues\/3957-new-security-release","install_data":{"name":"com_nge","type":"component","creationDate":"October 2017","author":"Teatis","copyright":"Copyright (C) Teatis. 
All rights reserved.","authorUrl":"http:\/\/www.nextgeneditor.com","group":""},"created":"2017-12-22T00:00:00+00:00","modified":"2018-02-06T11:26:17+00:00","statusText":"Resolved"},{"id":"543","title":"Simple Image Gallery (free) 3.5.0 and previous, XSS","description":"<p>Simple Image Gallery (Free) by Joomlaworks, version 3.5.0 and previous, XSS<\/p>\r\n<p>Resolution: update to 3.6.0<\/p>\r\n<p>Update notice: https:\/\/www.joomlaworks.net\/blog\/item\/269-simple-image-gallery-free-v3-6-0-released-featuring-enhanced-print-previews-fixing-xss-vulnerability-related-to-print-page-output<\/p>\r\n<p>Note that the developer did not inform the VEL #tellvel<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/simple-image-gallery\/","recommendation":"update","vulnerable_version":"3.5.0","patch_version":"3.6.0","update_notice":"https:\/\/www.joomlaworks.net\/blog\/item\/269-simple-image-gallery-free-v3-6-0-released-featuring-enhanced-print-previews-fixing-xss-vulnerability-related-to-print-page-output","install_data":{"name":"Simple Image Gallery (by JoomlaWorks)","type":"plugin","creationDate":"January 29th, 2018","author":"JoomlaWorks","copyright":"Copyright (c) 2006 - 2018 JoomlaWorks Ltd. All rights reserved.","authorUrl":"www.joomlaworks.net","group":""},"created":"2018-01-29T00:00:00+00:00","modified":"2018-01-29T21:07:58+00:00","statusText":"Resolved"},{"id":"541","title":"cms2cms improper file\/folder permissions","description":"<p>All these extensions create a folder with permissions 0777, which is not subsequently deleted.<\/p>\r\n<ul>\r\n<li>CMS2CMS: Automated Blogger to J! Migration<\/li>\r\n<li>CMS2CMS: Automated HTML to J! Migration<\/li>\r\n<li>CMS2CMS: Automated Drupal to J! Migration<\/li>\r\n<li>CMS2CMS: Automated WordPress to J! Migration<\/li>\r\n<li>CMS2CMS Automated WiX to J! 
Migration<\/li>\r\n<li>CMS2CMS Connector<\/li>\r\n<\/ul>\r\n<p>\u00a0<\/p>","status":"1","created":"2018-01-15T12:25:34+00:00","modified":"2018-01-15T13:35:36+00:00","statusText":"Live"},{"id":"538","title":"En Masse, all versions, SQL Injection","description":"<p>En Masse by Matamko.com, all known versions, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/social-web\/social-buy\/en-masse\/","install_data":{"name":"COM_ENMASSE","type":"component","creationDate":"May 2014","author":"Matamko.com","copyright":"(C) 2012","authorUrl":"Matamko.com","group":""},"created":"2018-01-15T00:00:00+00:00","modified":"2018-01-15T12:13:29+00:00","statusText":"Live"},{"id":"517","title":"Ajax Quiz by Webkul,2.0,SQL Injection","description":"<p>Ajax Quiz by Webkul, 2.0 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to version 2.1<\/p>\r\n<p>Update notice: https:\/\/store.webkul.com\/AjaxQuiz.html<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/education-a-culture\/ajaxquiz\/","recommendation":"update","vulnerable_version":"2.0","patch_version":"2.1","update_notice":"https:\/\/store.webkul.com\/AjaxQuiz.html","install_data":{"name":"Ajax Quiz","type":"component","creationDate":"07\/07\/2011","author":"Webkul","copyright":"Copyright (C) 2012 Christophe Demko. 
All rights reserved.","authorUrl":"","group":""},"created":"2017-10-11T00:00:00+00:00","modified":"2018-01-09T13:30:12+00:00","statusText":"Resolved"},{"id":"531","title":"Joomla Guru, SQL Injection","description":"<p>Joomla Guru by IJoomla, 5.0.15 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 5.0.16<\/p>\r\n<p>update notice: https:\/\/guru.ijoomla.com\/changelog\/237-guru-5-0-16<\/p>","status":"2","recommendation":"update","vulnerable_version":"5.0.15","patch_version":"5.0.15","update_notice":"https:\/\/guru.ijoomla.com\/changelog\/237-guru-5-0-16","install_data":{"name":"COM_GURU","type":"component","creationDate":"January 08, 2018","author":"iJoomla","copyright":"C) 2011 iJoomla.com","authorUrl":"www.iJoomla.com","group":""},"created":"2017-12-29T00:00:00+00:00","modified":"2018-01-08T14:51:09+00:00","statusText":"Resolved"},{"id":"537","title":"Easy Discuss, 4.0.20, XSS","description":"<p>Easy Discuss by Stackideas, versions 4.0.20 and previous, XSS<\/p>\r\n<p>Resolution: update to 4.0.21<\/p>\r\n<p>update notice: https:\/\/stackideas.com\/blog\/easydiscuss4021-update<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/easydiscuss\/","recommendation":"update","vulnerable_version":"4.0.20","patch_version":"4.0.21","update_notice":"https:\/\/stackideas.com\/blog\/easydiscuss4021-update","install_data":{"name":"com_easydiscuss","type":"component","creationDate":"8th January 2018","author":"StackIdeas","copyright":"Copyright 2009 - 2012 Stack Ideas. 
All rights reserved","authorUrl":"http:\/\/www.stackideas.com","group":""},"created":"2018-01-08T00:00:00+00:00","modified":"2018-01-08T13:54:00+00:00","statusText":"Resolved"},{"id":"532","title":"JB Visa,1.0,SQL Injection","description":"<p>JB Visa by Joombooking.com, 1.0, SQL Injection<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/booking-a-reservations\/jb-visa\/","created":"2018-01-01T18:23:57+00:00","modified":"2018-01-06T13:33:12+00:00","statusText":"Live"},{"id":"535","title":"Big File Uploader by Prismanet,1.0.2, Insecure File Upload","description":"<p>Big File Uploader by Prismanet, 1.0.2, Insecure File Upload<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/big-file-uploader\/","install_data":{"name":"Big File Uploader","type":"component","creationDate":"26-08-2016","author":"prismanet.com","copyright":"Copyright Info","authorUrl":"http:\/\/www.prismanet.com","group":""},"created":"2018-01-03T00:00:00+00:00","modified":"2018-01-06T13:22:50+00:00","statusText":"Live"},{"id":"534","title":"User Bench 1.0, sql injection","description":"<p>User Bench by gegabyte.org, version 1.0, sql injection<\/p>\r\n<p>resolution: update to version 1.1<\/p>\r\n<p>update notice: http:\/\/www.gegabyte.org\/downloads\/joomla-extensions\/joomla3\/components\/307-user-bench<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/directory-a-documentation\/directory\/user-bench\/","recommendation":"update","vulnerable_version":"1.0","patch_version":"1.1","update_notice":"http:\/\/www.gegabyte.org\/downloads\/joomla-extensions\/joomla3\/components\/307-user-bench","install_data":{"name":"com_userbench","type":"component","creationDate":"08-18-2016","author":"Bilal Kabeer Butt","copyright":"Copyright (c) GegaByte Corporation. 
All Rights reserved.","authorUrl":"http:\/\/www.gegabyte.org","group":""},"created":"2018-01-01T00:00:00+00:00","modified":"2018-01-01T20:04:11+00:00","statusText":"Resolved"},{"id":"530","title":"My Projects,2.0,SQL Injection","description":"<p>My Projects,2.0,SQL Injection<\/p>\r\n<p>Resolution: update to version 2.1<\/p>\r\n<p>Update notice: http:\/\/www.gegabyte.org\/downloads\/joomla-extensions\/joomla3\/components\/292-my-projects<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/directory-a-documentation\/portfolio\/my-projects\/","recommendation":"update","vulnerable_version":"2.0","patch_version":"2.1","update_notice":"http:\/\/www.gegabyte.org\/downloads\/joomla-extensions\/joomla3\/components\/292-my-projects","install_data":{"name":"COM_MYPROJECT","type":"component","creationDate":"05-06-2016","author":"Bilal Kabeer Butt","copyright":"Copyright (c) GegaByte Corporation. All Rights reserved.","authorUrl":"http:\/\/www.gegabyte.org","group":""},"created":"2017-12-27T00:00:00+00:00","modified":"2017-12-28T21:49:09+00:00","statusText":"Resolved"},{"id":"528","title":"B2j Contact,2.0 and other,Other","description":"<p>B2j Contact,2.0 and other,Other<br \/><br \/>Resolved by upgrading to 2.1.15<\/p>\r\n","status":"2","created":"2017-12-20T13:34:41+00:00","modified":"2017-12-20T16:32:48+00:00","statusText":"Resolved"},{"id":"525","title":" JBuildozer,1.4.1,SQL Injection","description":"<p>JBuildozer,1.4.1,SQL Injection<\/p>\r\n","status":"1","created":"2017-12-15T15:30:27+00:00","modified":"2017-12-20T16:28:29+00:00","statusText":"Live"},{"id":"527","title":"JEXTN Question And Answer ,3.1.0,SQL Injection","description":"<p>JEXTN Question And Answer ,3.1.0,SQL Injection<\/p>\r\n","status":"1","created":"2017-12-15T15:32:47+00:00","modified":"2017-12-20T16:28:13+00:00","statusText":"Live"},{"id":"526","title":"JEXTN Video Gallery 3.0.5 - SQL Injection, 3.0.5 ,SQL Injection","description":"<p>JEXTN Video Gallery 3.0.5 - SQL 
Injection, 3.0.5 ,SQL Injection<\/p>\r\n","status":"1","created":"2017-12-15T15:31:24+00:00","modified":"2017-12-20T16:27:59+00:00","statusText":"Live"},{"id":"478","title":"Cookie consent from silktide, Unknown version, Other","description":"<p>Cookie consent from silktide, Unknown version, Malicious links aka https:\/\/cookieconsent.insites.com\/download\/<\/p>\r\n<p>When the Cookie Consent plugin by Silktide stopped using Amazon CDN, someone hijacked their Amazon storage and began serving malicious scripts so that sites that still use an old version of this plugin serve unwanted ads and redirect mobile visitors instead of notifying new users about cookie use policy.<\/p>\r\n<p>Resolution: update to latest version or use a different plugin<\/p>\r\n<p>For further information see:\u00a0 http:\/\/labs.sucuri.net\/db\/malware\/rogueads.cookieconsent.1<\/p>\r\n","status":"2","created":"2017-07-10T18:00:33+00:00","modified":"2017-11-27T13:33:54+00:00","statusText":"Resolved"},{"id":"523","title":"Virtuemart,3.2.4,XSS (Cross Site Scripting)","description":"<p>Virtuemart,3.2.4,XSS (Cross Site Scripting)<\/p>\r\n<p>Resolution: update to 3.2.6<\/p>\r\n<p>update notice: http:\/\/virtuemart.net\/news\/482-virtuemart-3-2-6-security-release-and-overhauled-infrastructure<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/virtuemart\/","vulnerable_version":"3.2.4","patch_version":"3.2.6","update_notice":"http:\/\/virtuemart.net\/news\/482-virtuemart-3-2-6-security-release-and-overhauled-infrastructure","install_data":{"name":"VIRTUEMART","type":"component","creationDate":"August 23 2017","author":"The VirtueMart Development Team","copyright":"Copyright (C) 2004-2015 Virtuemart Team. 
All rights reserved.","authorUrl":"https:\/\/virtuemart.net","group":""},"created":"2017-11-24T00:00:00+00:00","modified":"2017-11-24T14:58:59+00:00","statusText":"Resolved"},{"id":"515","title":"NS Download Shop, 2.2.6, SQL Injection","description":"<p>NS Download Shop, 2.2.6, SQL Injection<\/p>\r\n<p>Resolution: update to 2.2.8<\/p>\r\n<p>Update notice: https:\/\/nswd.co\/extensions\/help-desk\/security-release-v2-2-8<\/p>\r\n<p class=\"western\" style=\"margin-bottom: 0cm;\"><span style=\"font-family: Alps, sans-serif;\">\u00a0<\/span><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/e-commerce\/paid-downloads\/ns-downloadshop\/","recommendation":"update","vulnerable_version":"2.2.6","patch_version":"2.2.8","update_notice":"https:\/\/nswd.co\/extensions\/help-desk\/security-release-v2-2-8","install_data":{"name":"com_ns_downloadshop","type":"component","creationDate":"21 May 2015","author":"Natural Selection Web Design LLC","copyright":"Copyright (C) 2009 - 2015 by Natural Selection Web Design LLC. All rights reserved.","authorUrl":"http:\/\/nswd.co","group":""},"created":"2017-10-03T00:00:00+00:00","modified":"2017-11-22T18:57:20+00:00","statusText":"Resolved"},{"id":"519","title":"JS Jobs,1.1.8, RCE","description":"<p>JS Jobs, 1.1.8, Remote code execution - includes free and pro versions<\/p>\r\n<p>resolution: update to 1.1.9<\/p>\r\n<p>update notice: http:\/\/www.joomsky.com\/products\/js-jobs.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/ads-a-affiliates\/jobs-a-recruitment\/js-jobs\/","vulnerable_version":"1.1.8","patch_version":"1.1.9","update_notice":"update notice: http:\/\/www.joomsky.com\/products\/js-jobs.html","install_data":{"name":"COM_JSJOBS","type":"component","creationDate":"July 11th, 2017","author":"Joom Sky","copyright":"Copyright (c) 2014. 
All rights reserved.","authorUrl":"","group":""},"created":"2017-10-24T00:00:00+00:00","modified":"2017-10-25T13:46:07+00:00","statusText":"Resolved"},{"id":"520","title":"HDW Player,4.0.0, RCE","description":"<p>HDW Player,4.0.0 and all other versions, remote code execution<\/p>\r\n<p>Note that this vulnerability was supposedly fixed by the developer in version 3.2.2; the fact that this issue has arisen again suggests that the developer is aware of it and has created a deliberate back door. The VEL believe that this extension should be regarded as malicious and should be permanently removed from any site using it.<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/hd-webplayer\/","install_data":{"name":"HDW Player","type":"component","creationDate":"August 2016","author":"HDW Player","copyright":"Copyright (c) 2016-2017 HDW Player. All rights reserved.","authorUrl":"www.hdwplayer.com","group":""},"created":"2017-10-24T00:00:00+00:00","modified":"2017-10-24T17:51:06+00:00","statusText":"Live"},{"id":"387","title":" HDW Player, 3.2.1 and older","description":"<p>HDW Player, 3.2.1 and older (including 3.1 and 3.0)<\/p>\r\n<p>Remote code execution<\/p>\r\n<p>Please see <a href=\"vel-blog\/2033-hdw-player-4-0-0-rce\">https:\/\/vel.joomla.org\/vel-blog\/2033-hdw-player-4-0-0-rce<\/a> for further information.<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/hd-webplayer\/","vulnerable_version":"3.2.1","patch_version":"3.2.2","update_notice":"https:\/\/www.hdwplayer.com\/download\/","install_data":{"name":"HDW Player","type":"component","creationDate":"November 2012","author":"HDW Player","copyright":"Copyright (c) 2011 - 2013 HDW Player. 
All rights reserved.","authorUrl":"www.hdwplayer.com","group":""},"created":"2016-10-24T00:00:00+00:00","modified":"2017-10-24T17:07:43+00:00","statusText":"Live"},{"id":"518","title":"Google Maps by Reumer, 3.5, Malicious update","description":"<p>Google Maps by Reumer, from mapsplugin.com, version 3.5, malicious update<\/p>\r\n<p>Version 3.3 of this plugin is listed in the JED and appears to be clean. However, once installed, the Joomla update manager prompts you to update this extension to a version 3.5 (which is not officially published). This version contains hidden backlinks and a potential backdoor, with tracking information about the website running the plugin and user.<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/maps-a-weather\/maps-a-locations\/google-maps-by-reumer\/","install_data":{"name":"System - Google Maps","type":"plugin","creationDate":"July 2014","author":"mapsplugin.com","copyright":"(C) 2014 mapsplugin.com","authorUrl":"mapsplugin.com","group":""},"created":"2017-10-20T00:00:00+00:00","modified":"2017-10-20T17:09:38+00:00","statusText":"Live"},{"id":"514","title":"ZH Yandex Map, 6.1.1.0, SQL Injection","description":"<p>ZH Yandex Map, 6.1.1.0 and previous versions, SQL Injection<\/p>\r\n<p>Resolution: update to 6.2.0.0<\/p>\r\n<p>Update notice: http:\/\/zhuk.cc\/2017\/10\/05\/zh-yandexmap-security-update\/<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/maps-a-weather\/maps-a-locations\/zh-yandexmap\/","recommendation":"update","update_notice":"http:\/\/zhuk.cc\/2017\/10\/05\/zh-yandexmap-security-update\/","install_data":{"name":"COM_ZHYANDEXMAP","type":"component","creationDate":"Feb 2013","author":"Zhuk Dmitry","copyright":"Copyright","authorUrl":"http:\/\/zhuk.cc","group":""},"created":"2017-10-03T00:00:00+00:00","modified":"2017-10-05T10:27:08+00:00","statusText":"Resolved"},{"id":"512","title":"Bargain Product VM3, 1.0, SQL Injection","description":"<p>Bargain Product 
VM3 by WebOrange, 1.0, SQL Injection<\/p>\r\n","status":"1","created":"2017-09-29T11:54:56+00:00","modified":"2017-10-04T10:57:32+00:00","statusText":"Live"},{"id":"513","title":"Price Alert for Virtuemart,3.0.4,SQL Injection","description":"<p>Price Alert for Virtuemart by WebOrange, 3.0.4 and all previous, SQL Injection<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/extension-specific\/virtuemart-extensions\/price-alert\/","install_data":{"name":"com_price_alert","type":"component","creationDate":"2017-05-27","author":"Web Orange","copyright":"copyright (C) 2017 weborange.eu. All Rights Reserved.","authorUrl":"http:\/\/www.weborange.eu","group":""},"created":"2017-09-29T00:00:00+00:00","modified":"2017-10-04T10:57:08+00:00","statusText":"Live"},{"id":"511","title":"Keen IT Photo Contest, 1.0.2, SQL Injection","description":"<p>Keen IT Photo Contest, 1.0.2, SQL Injection<\/p>\r\n","status":"1","created":"2017-09-27T18:23:38+00:00","modified":"2017-10-02T09:52:53+00:00","statusText":"Live"},{"id":"510","title":"Quiz Deluxe,3.7.4,SQL Injection","description":"<p>Quiz Deluxe by joomplace, 3.7.4, SQL Injection<\/p>\r\n<p>resolution: update to 3.7.5<\/p>\r\n<p>update notice: https:\/\/www.joomplace.com\/blog\/secure-your-quiz.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/education-a-culture\/quiz-deluxe\/","recommendation":"update","vulnerable_version":"3.7.4","patch_version":"3.7.5","update_notice":"2017-09-28 11:38:26","install_data":{"name":"COM_JOOMLAQUIZ","type":"component","creationDate":"September 2017","author":"JoomPlace Team","copyright":"(C) JoomPlace, www.joomplace.com","authorUrl":"www.joomplace.com","group":""},"created":"2017-09-27T00:00:00+00:00","modified":"2017-09-28T11:41:25+00:00","statusText":"Resolved"},{"id":"505","title":"Checklist by Joomplace,1.1.0,SQL Injection","description":"<p>Checklist by Joomplace, 1.1.0, SQL Injection<\/p>\r\n<p>Resolution: update to 
1.1.1<\/p>\r\n<p>Update notice: https:\/\/www.joomplace.com\/blog\/checklist-security-update.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/personal-life\/checklist\/","recommendation":"update","vulnerable_version":"1.1.0","patch_version":"1.1.1","update_notice":"https:\/\/www.joomplace.com\/blog\/checklist-security-update.html","install_data":{"name":"COM_CHECKLIST","type":"component","creationDate":"April 2014","author":"JoomPlace Team","copyright":"(C) JoomPlace, www.joomplace.com","authorUrl":"www.joomplace.com","group":""},"created":"2017-09-15T00:00:00+00:00","modified":"2017-09-24T18:23:41+00:00","statusText":"Resolved"},{"id":"488","title":" SP Movie Database 1.3, SQL Injection","description":"<p>SP Movie Database version 1.3 by joomshaper.com, SQL Injection<\/p>\r\n<p>resolution: update to version 1.4<\/p>\r\n<p>update notice: https:\/\/www.joomshaper.com\/forums\/sp-movie-database-component-updated-with-security-and-other-fixes<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/directory-a-documentation\/directory\/sp-movie-database\/","recommendation":"update","vulnerable_version":"1.3","patch_version":"1.4","update_notice":"https:\/\/www.joomshaper.com\/forums\/sp-movie-database-component-updated-with-security-and-other-fixes","install_data":{"name":"COM_SPMOVIEDB","type":"component","creationDate":"Jan 2016","author":"Joomshaper","copyright":"Copyright (c) 2010- 2016 JoomShaper. 
All rights reserved.","authorUrl":"http:\/\/www.joomshaper.com","group":""},"created":"2017-08-21T00:00:00+00:00","modified":"2017-09-21T11:17:06+00:00","statusText":"Resolved"},{"id":"504","title":"Joomanager, other","description":"<p>Joomanager from joomanager.com, 2.0.0 and previous versions<\/p>\r\n<p>users are advised to uninstall immediately<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/real-estate\/joomanager\/","created":"2017-09-14T00:00:00+00:00","modified":"2017-09-21T11:15:15+00:00","statusText":"Live"},{"id":"503","title":"Survey Force Deluxe,3.2.4,SQL Injection","description":"<p>Survey Force Deluxe by Joomplace, 3.2.4, SQL Injection<\/p>\r\n<p>resolution: update to 3.2.5<\/p>\r\n<p>update notice: https:\/\/www.joomplace.com\/blog\/survey-3-2-5-patch.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/contacts-and-feedback\/surveys\/survey-force-deluxe\/","recommendation":"update","vulnerable_version":"3.2.4","patch_version":"3.2.5","update_notice":"https:\/\/www.joomplace.com\/blog\/survey-3-2-5-patch.html","install_data":{"name":"Joomla Survey Force Deluxe Package","type":"package","creationDate":"September 2017","author":"Joomplace Team","copyright":"(C) JoomPlace, www.joomplace.com","authorUrl":"www.joomplace.com","group":""},"created":"2017-09-14T00:00:00+00:00","modified":"2017-09-19T17:26:56+00:00","statusText":"Resolved"},{"id":"438","title":"UserExtranet,1.3.2,SQL Injection","description":"<p>UserExtranet by Beesto.com, 1.3.2 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 1.3.3<\/p>\r\n<p>update notice: 
http:\/\/www.beesto.com\/forum\/read.php?30,2085<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/access-a-security\/site-access\/userextranet\/","vulnerable_version":"1.3.2","patch_version":"1.3.3","update_notice":"http:\/\/www.beesto.com\/forum\/read.php?30,2085","install_data":{"name":"UserExtranet","type":"component","creationDate":"September 2017","author":"beesto.com development team","copyright":"Copyright (c) 2016 Popa S. Alexandru. All Rights Reserved","authorUrl":"www.beesto.com","group":""},"created":"2017-03-07T00:00:00+00:00","modified":"2017-09-18T19:15:52+00:00","statusText":"Resolved"},{"id":"502","title":"Payplans 3.6.2","description":"<p>Payplans 3.6.2 and previous, price manipulation<\/p>\r\n<p>resolution: update to 3.6.3<\/p>\r\n<p>update notice: https:\/\/stackideas.com\/blog\/critical-update-for-payplans-363<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/payplans\/","recommendation":"update","vulnerable_version":"3.6.2","patch_version":"3.6.3","update_notice":"https:\/\/stackideas.com\/blog\/critical-update-for-payplans-363","created":"2017-09-12T00:00:00+00:00","modified":"2017-09-12T13:34:36+00:00","statusText":"Resolved"},{"id":"500","title":"Realtyna RPL, All versions, SQL Injection and Abandonware","description":"<p>Realtyna RPL, All versions, SQL Injection and abandonware<\/p>\r\n<p>The developer no longer supports Joomla! The site is still online, but there are redirects to the Wordpress version. 
We asked the developer about the prospect of a security release, and received this reply:<\/p>\r\n<p><em>It\u2019s almost 2 years that we announced that RPL based on Joomla has been discontinued and we continued security upgrades for 1 year.<\/em><\/p>\r\n<p>We take that as a \"no\".<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/vertical-markets\/real-estate\/realtyna-rpl\/","install_data":{"name":"RPL","type":"component","creationDate":"November 2014","author":"Realtyna Software Team","copyright":"Copyrighted","authorUrl":"http:\/\/www.realtyna.com","group":""},"created":"2017-09-06T00:00:00+00:00","modified":"2017-09-12T10:57:45+00:00","statusText":"Live"},{"id":"501","title":"Simgenealogy,2.1.7,SQL Injection","description":"<p>Simgenealogy by Simbunch.com, 2.1.7 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 2.1.8<\/p>\r\n<p>update notice: https:\/\/www.simbunch.com\/blog\/183-simgenealogy-critical-security-update-2-1-8<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/clients-a-communities\/communities\/simgenealogy\/","recommendation":"update","vulnerable_version":"2.1.7","patch_version":"2.1.8","update_notice":"https:\/\/www.simbunch.com\/blog\/183-simgenealogy-critical-security-update-2-1-8","install_data":{"name":"SIMGenealogy","type":"package","creationDate":"Mar 2017","author":"Mike Feng","copyright":"Copyright (C) 2005 - 2017 SIMBunch.com","authorUrl":"https:\/\/www.simbunch.com\/","group":""},"created":"2017-09-07T00:00:00+00:00","modified":"2017-09-08T10:07:23+00:00","statusText":"Resolved"},{"id":"495","title":"Event Registration Pro,4.1.3,SQL Injection","description":"<p>Event Registration Pro, 4.1.3 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to version 4.1.4<\/p>\r\n<p>Update notice: 
https:\/\/www.joomlashowroom.com\/blog\/event-registration-pro-4-1-4-security-release<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/event-registration-pro\/","recommendation":"update","vulnerable_version":"4.1.3","patch_version":"4.1.3","update_notice":"https:\/\/www.joomlashowroom.com\/blog\/event-registration-pro-4-1-4-security-release","install_data":{"name":"COM_REGISTRATIONPRO","type":"component","creationDate":"January 2017","author":"www.JoomlaShowroom.com","copyright":"Copyright \u00a9 2017 - All rights reserved.","authorUrl":"www.JoomlaShowroom.com","group":""},"created":"2017-09-01T00:00:00+00:00","modified":"2017-09-07T19:32:53+00:00","statusText":"Resolved"},{"id":"498","title":"Akeeba Backup, 5.5.1, various issues","description":"<p>Akeeba Backup, versions 5.5.1 and previous, various issues (see developer's site for details)<\/p>\r\n<p>Resolution: update to 5.5.2<\/p>\r\n<p>Update notice: https:\/\/www.akeebabackup.com\/component\/ars\/?view=Items&release_id=2732<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/akeeba-backup\/","recommendation":"update","vulnerable_version":"5.5.1","patch_version":"5.5.2","update_notice":"https:\/\/www.akeebabackup.com\/component\/ars\/?view=Items&release_id=2732","install_data":{"name":"Akeeba Backup package","type":"package","creationDate":"2017-08-29","author":"Nicholas K. Dionysopoulos","copyright":"Copyright (c)2006-2017 Akeeba Ltd \/ Nicholas K. 
Dionysopoulos","authorUrl":"","group":""},"created":"2017-09-04T00:00:00+00:00","modified":"2017-09-04T11:51:14+00:00","statusText":"Resolved"},{"id":"428","title":"One Vote,1.1.1,SQL Injection","description":"<p>One Vote by advcomsys.com, 1.1.1 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 1.2.2<\/p>\r\n<p>update notice: http:\/\/www.advcomsys.com\/joomla-demos<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/contacts-and-feedback\/polls\/onevote","recommendation":"update","vulnerable_version":"1.1.1","patch_version":"1.2.2","update_notice":"http:\/\/www.advcomsys.com\/joomla-demos","install_data":{"name":"OneVote!","type":"component","creationDate":"November 22, 2014","author":"Brian Keahl","copyright":"(c) Advanced Computer Systems 2014","authorUrl":"http:\/\/www.advcomsys.com","group":""},"created":"2017-03-05T00:00:00+00:00","modified":"2017-09-01T19:34:44+00:00","statusText":"Resolved"},{"id":"491","title":"LMS King Lite, SQL Injection","description":"<p>LMS King Lite and LMS King Professional by king-products.net, versions up to 3.2.3.19 (lite) and 3.2.3.47 (pro), SQL Injection<\/p>\r\n<p>resolution: update to version 3.2.3.20 (lite) and 3.2.3.48 (pro)<\/p>\r\n<p>update notice url: https:\/\/www.king-products.net\/lms-king.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/education-a-culture\/lms-lite\/","vulnerable_version":"3.2.3.19","patch_version":"3.2.3.20","update_notice":"https:\/\/www.king-products.net\/lms-king.html","install_data":{"name":"com_lmslite","type":"component","creationDate":"June 2012","author":"king-products.net","copyright":"(C) 2012 king-products.net. 
All rights reserved.","authorUrl":"www.king-products.net","group":""},"created":"2017-08-29T00:00:00+00:00","modified":"2017-08-30T19:28:43+00:00","statusText":"Resolved"},{"id":"494","title":"LMS King Pro, SQL Injection","description":"<p>LMS King Lite and LMS King Professional by king-products.net, versions up to 3.2.3.19 (lite) and 3.2.3.47 (pro), SQL Injection<\/p>\r\n<p>resolution: update to version 3.2.3.20 (lite) and 3.2.3.48 (pro)<\/p>\r\n<p>update notice url: https:\/\/www.king-products.net\/lms-king.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/education-a-culture\/lms-king-professional-for-joomla\/","recommendation":"update","vulnerable_version":"3.2.3.47","patch_version":"3.2.3.48","update_notice":"https:\/\/www.king-products.net\/lms-king.html","install_data":{"name":"com_lmslite","type":"component","creationDate":"June 2012","author":"king-products.net","copyright":"(C) 2012 king-products.net. All rights reserved.","authorUrl":"www.king-products.net","group":""},"created":"2017-08-29T00:00:00+00:00","modified":"2017-08-30T19:27:20+00:00","statusText":"Resolved"},{"id":"486","title":"Calendar Planner 1.0.1 - SQL Injection","description":"<p>Calendar Planner 1.0.1 - SQL Injection<\/p>\r\n<p>resolution: update to 1.0.2<\/p>\r\n<p>update notice: http:\/\/www.joomlathat.com\/news\/news\/calendar-planner\/calendar-planner-1-0-2-security-release<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/calendars-a-events\/events\/calendar-planner\/","vulnerable_version":"1.0.1","patch_version":"1.0.2","created":"2017-08-21T00:00:00+00:00","modified":"2017-08-30T11:52:43+00:00","statusText":"Resolved"},{"id":"490","title":"Street Guesser,1.1.8,SQL Injection","description":"<p>Street Guesser by Normograph, version 1.1.8, SQL Injection<\/p>\r\n<p>resolution: update to 1.1.13<\/p>\r\n<p>update notice: 
https:\/\/www.nordmograph.com\/extensions\/index.php?option=com_virtuemart&view=productdetails&virtuemart_product_id=160&virtuemart_category_id=1&Itemid=58<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/sports-a-games\/streetguessr-game\/","vulnerable_version":"1.1.8","patch_version":"1.1.13","install_data":{"name":"com_streetguess","type":"component","creationDate":"2016-08-09","author":"Nordmograph","copyright":"2017 Nordmograph","authorUrl":"https:\/\/www.nordmograph.com\/extensions","group":""},"created":"2017-08-29T00:00:00+00:00","modified":"2017-08-30T11:52:11+00:00","statusText":"Resolved"},{"id":"492","title":"ccNewsletter 2.1.9 and previous, SQL injection","description":"<p>ccNewsletter by Chill Creations, version 2.1.9 and previous, SQL injection<\/p>\r\n<p>resolution: update to 2.2.0<\/p>\r\n<p>update notice: https:\/\/www.chillcreations.com\/downloads\/ccnewsletter<\/p>\r\n<p>regrettably, the developer seems to have forgotten to notify the VEL<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/ccnewsletter\/","recommendation":"update","vulnerable_version":"2.1.9","patch_version":"2.2.0","update_notice":"https:\/\/www.chillcreations.com\/downloads\/ccnewsletter","created":"2017-08-30T00:00:00+00:00","modified":"2017-08-30T11:51:37+00:00","statusText":"Resolved"},{"id":"487","title":"Twitch Tv 1.1, SQL Injection","description":"<p>Twitch TV version 1.1 by Bharat Koriya (aindropsinfotech.com), SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/sports-a-games\/game-servers\/twitch-tv-component\/ ","install_data":{"name":"twitchtv","type":"component","creationDate":"1\/12\/2016","author":"Raindrops Infotech","copyright":"Copyright Info","authorUrl":"raindropsinfotech","group":""},"created":"2017-08-21T00:00:00+00:00","modified":"2017-08-30T09:37:01+00:00","statusText":"Live"},{"id":"489","title":" KissGallery 1.0.0, SQL Injection","description":"<p>KissGallery 
version 1.0.0 by TW Carter, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/photos-a-images\/galleries\/kissgallery\/","install_data":{"name":"COM_KISSGALLERY","type":"component","creationDate":"2015-12-29","author":"Terry W. Carter","copyright":"Copyright 2015 - Terry W. Carter","authorUrl":"http:\/\/www.terrywcarter.com","group":""},"created":"2017-08-21T00:00:00+00:00","modified":"2017-08-29T18:00:59+00:00","statusText":"Live"},{"id":"485","title":"Appointment, v1.1 ,SQL Injection","description":"<p>Appointment by Harmis Technology (joomlaextensions.co.in), v1.1, SQL Injection<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/appointment\/ ","created":"2017-08-21T10:33:26+00:00","modified":"2017-08-28T20:15:00+00:00","statusText":"Live"},{"id":"484","title":"Zap Calendar, 4.3.6 and previous, SQL Injection","description":"<p>Zap Calendar, 4.3.6, SQL Injection<\/p>\r\n<p>resolution: update to 4.3.7<\/p>\r\n<p>update notice url: https:\/\/zcontent.net\/support\/zapcalendar\/265-change-log-for-zap-calendar<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/calendars-a-events\/events\/zap-calendar-lite\/","recommendation":"update","vulnerable_version":"4.3.6","patch_version":"4.3.7","update_notice":"https:\/\/zcontent.net\/support\/zapcalendar\/265-change-log-for-zap-calendar","install_data":{"name":"Zap Calendar Lite","type":"package","creationDate":"August 25, 2017","author":"Z Content","copyright":"Copyright (C) 2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017 Dan Cogliano, zcontent.net","authorUrl":"www.zcontent.net","group":""},"created":"2017-08-21T00:00:00+00:00","modified":"2017-08-26T12:28:57+00:00","statusText":"Resolved"},{"id":"483","title":"Bye Bye Password,1.0.4,Information Disclosure","description":"<p>Bye Bye Password by Ready Bytes, versions 1.0.4 and previous, Information Disclosure<\/p>\r\n<p>Also the installer includes a 
tracking script.<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/access-a-security\/site-access\/bye-bye-password\/","install_data":{"name":"Bye-Bye Password","type":"plugin","creationDate":"September 2013","author":"Team Ready Bytes","copyright":"Copyright (C) 2013 - 2015 Open Source Matters. All rights reserved.","authorUrl":"http:\/\/www.jpayplans.com","group":""},"created":"2017-08-17T00:00:00+00:00","modified":"2017-08-21T11:40:57+00:00","statusText":"Live"},{"id":"481","title":"Extplorer, 2.1.9 and previous, Directory Traversal","description":"<p>Extplorer, 2.1.9, Directory Traversal<\/p>\r\n<p>cve: CVE-2016-4313<\/p>\r\n<p>resolution: update to 2.1.10<\/p>\r\n<p>update notice: http:\/\/extplorer.net\/news\/21<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/extplorer\/","cve_id":"CVE-2016-4313","recommendation":"update","vulnerable_version":"2.1.9","patch_version":"2.1.10","update_notice":"http:\/\/extplorer.net\/news\/21","install_data":{"name":"eXtplorer","type":"component","creationDate":"15.03.2016","author":"soeren, QuiX Project","copyright":"Soeren Eberhardt-Biermann, QuiX Project","authorUrl":"http:\/\/extplorer.net\/","group":""},"created":"2017-08-04T00:00:00+00:00","modified":"2017-08-08T22:40:58+00:00","statusText":"Resolved"},{"id":"479","title":"IJSEO, 3.1.17, SQL Injection","description":"<p>IJSEO from IJoomla, 3.1.17, SQL Injection<\/p>\r\n<p>Resolution: update to 3.1.18<\/p>\r\n<p>Update notice: https:\/\/seo.ijoomla.com\/blog\/entry\/joomla-iseo-extension-got-important-security-fix-1-1<\/p>\r\n<p>The issue affects both the commercial (Pro) and the non-commercial (Light) versions of the extension. 
The developer released a security update for the Pro version on June 14th, but, due to a technical issue, an update for the Light version has not been available until today (14th July)<\/p>","status":"2","jed":"not listed in the JED","vulnerable_version":"3.1.17","patch_version":"3.1.18","update_notice":"https:\/\/seo.ijoomla.com\/blog\/entry\/joomla-iseo-extension-got-important-security-fix-1-1","install_data":{"name":"COM_IJOOMLA_SEO","type":"component","creationDate":"April 21, 2017","author":"iJoomla","copyright":"iJoomla.com","authorUrl":"www.ijoomla.com","group":""},"created":"2017-07-11T00:00:00+00:00","modified":"2017-07-14T14:47:53+00:00","statusText":"Resolved"},{"id":"476","title":"JoomRecipe,1.0.3,SQL Injection","description":"<h1>JoomRecipe<\/h1>\r\n<p>,1.0.3,SQL Injection<\/p>\r\n<p>UpdateNotice URL <a href=\"https:\/\/www.joomboost.com\/blog-updates\/entry\/joomrecipe-version-1-0-4-security-announcement.html\" rel=\"alternate\">https:\/\/www.joomboost.com\/blog-updates\/entry\/joomrecipe-version-1-0-4-security-announcement.html<\/a><\/p>\r\n<p><br \/><strong>changelog<\/strong><\/p>\r\n<p>Changelog Url <a href=\"https:\/\/www.joomboost.com\/components-changelogs\/60-joomrecipe-changelog.html\" rel=\"alternate\">https:\/\/www.joomboost.com\/components-changelogs\/60-joomrecipe-changelog.html<\/a><\/p>\r\n","status":"2","created":"2017-06-24T22:51:06+00:00","modified":"2017-06-25T07:17:11+00:00","statusText":"Resolved"},{"id":"475","title":"Joomla Payage, 2.05, SQL Injection","description":"<p>Joomla Payage, 2.05 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to 2.0.6<\/p>\r\n<p>Update notice: 
http:\/\/www.lesarbresdesign.info\/version-history\/payage<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/e-commerce\/payment-systems\/payage\/","recommendation":"update","vulnerable_version":"2.0.5","patch_version":"2.0.6","update_notice":"http:\/\/www.lesarbresdesign.info\/version-history\/payage","created":"2017-06-13T00:00:00+00:00","modified":"2017-06-15T09:02:14+00:00","statusText":"Resolved"},{"id":"474","title":"Vik Appointments 1.4 and previous","description":"<p>Vik Appointments 1.4 and previous, SQL Injection<\/p>\r\n<p>Resolution: update to 1.5<\/p>\r\n<p>Update notice: https:\/\/extensionsforjoomla.com\/blog\/12-updates\/46-security-notices-sql-injection-reports<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/booking-a-reservations\/vik-appointments","recommendation":"update","vulnerable_version":"1.4","patch_version":"1.5","update_notice":"https:\/\/extensionsforjoomla.com\/blog\/12-updates\/46-security-notices-sql-injection-reports","install_data":{"name":"COM_VIKAPPOINTMENTS","type":"component","creationDate":"November 15, 2015","author":"Extensionsforjoomla.com","copyright":"Copyright (C) 2015-2016 e4j - Extensionsforjoomla.com . 
All Rights Reserved","authorUrl":"https:\/\/extensionsforjoomla.com","group":""},"created":"2017-06-05T00:00:00+00:00","modified":"2017-06-05T15:32:06+00:00","statusText":"Resolved"},{"id":"473","title":"Vik Rent Items 1.3 and previous","description":"<p>Vik Rent Items 1.3 and previous SQL injection<\/p>\r\n<p>Resolution: update to version 1.4<\/p>\r\n<p>Update notice: https:\/\/extensionsforjoomla.com\/blog\/12-updates\/46-security-notices-sql-injection-reports<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/booking-a-reservations\/vik-rent-items","vulnerable_version":"1.3","patch_version":"1.4","update_notice":"https:\/\/extensionsforjoomla.com\/blog\/12-updates\/46-security-notices-sql-injection-reports","install_data":{"name":"VikRentItems","type":"component","creationDate":"2015-November","author":"e4j - Extensionsforjoomla.com","copyright":"Copyright e4j - Extensionsforjoomla.com - All rights reserved","authorUrl":"https:\/\/e4j.com\/","group":""},"created":"2017-06-05T00:00:00+00:00","modified":"2017-06-05T15:30:14+00:00","statusText":"Resolved"},{"id":"472","title":"Vik Rent Car 1.10 and previous","description":"<p>Vik Rent Car 1.10 and previous, SQL injection<\/p>\r\n<p>Resolution: update to 1.11<\/p>\r\n<p>Update notice: https:\/\/extensionsforjoomla.com\/blog\/12-updates\/46-security-notices-sql-injection-reports<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/vehicles\/vik-rent-car","recommendation":"update","vulnerable_version":"1.10","patch_version":"1.11","update_notice":"https:\/\/extensionsforjoomla.com\/blog\/12-updates\/46-security-notices-sql-injection-reports","install_data":{"name":"COM_VIKRENTCAR","type":"component","creationDate":"2017-January","author":"e4j - Extensionsforjoomla.com","copyright":"Copyright e4j - Extensionsforjoomla.com - All rights 
reserved","authorUrl":"https:\/\/e4j.com\/","group":""},"created":"2017-06-05T00:00:00+00:00","modified":"2017-06-05T15:28:18+00:00","statusText":"Resolved"},{"id":"470","title":"AYS Quiz,1.0,SQL Injection","description":"<p>AYS Quiz, 1.0,SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/education-a-culture\/ays-quiz\/","created":"2017-06-01T00:00:00+00:00","modified":"2017-06-01T22:42:44+00:00","statusText":"Live"},{"id":"469","title":"HikaShop Business,3.1.0,SQL Injection","description":"<p>HikaShop Business,3.1.0,SQL Injection<br \/><br \/>new version number 3.1.1 Update Notice URL<a href=\"https:\/\/www.hikashop.com\/home\/blog\/373-security-release-for-hikashop-business.html\" rel=\"alternate\"> https:\/\/www.hikashop.com\/home\/blog\/373-security-release-for-hikashop-business.html<\/a><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/hikashop\/","start_version":"3.1.0","vulnerable_version":"3.1.0","patch_version":"3.1.1","update_notice":"https:\/\/www.hikashop.com\/home\/blog\/373-security-release-for-hikashop-business.html","install_data":{"name":"HikaShop","type":"component","creationDate":"01 juin 2017","author":"hikashop.com","copyright":"(C) 2010-2017 HIKARI SOFTWARE. 
All rights reserved.","authorUrl":"http:\/\/www.hikashop.com","group":""},"created":"2017-06-01T00:00:00+00:00","modified":"2017-06-01T22:42:06+00:00","statusText":"Resolved"},{"id":"468","title":"Kunena 5.0.8 and previous XSS","description":"<p>Kunena 5.0.8 and previous, cross-site scripting (XSS)<\/p>\r\n<p>Resolution: update to 5.0.9<\/p>\r\n<p>Update notice: https:\/\/www.kunena.org\/blog\/185-kunena-5-0-9-released<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/kunena\/","recommendation":"update","vulnerable_version":"5.0.8","patch_version":"5.0.9","update_notice":"https:\/\/www.kunena.org\/blog\/185-kunena-5-0-9-released","install_data":{"name":"com_kunena","type":"component","creationDate":"2017-05-15","author":"Kunena Team","copyright":"(C) 2008 - 2017 Kunena Team. All rights reserved.","authorUrl":"https:\/\/www.kunena.org","group":""},"created":"2017-05-26T00:00:00+00:00","modified":"2017-05-26T14:00:07+00:00","statusText":"Resolved"},{"id":"456","title":"JMultipleHotelReservation, 6.0.3, SQL Injection","description":"<p>JMultipleHotelReservation by CMS Junkie, 6.0.3, SQL Injection<\/p>\r\n<p>Resolution: Update to 6.0.4<\/p>\r\n<p>Update notice: http:\/\/www.cmsjunkie.com\/blog\/joomla-hotel-reservation-6-0-4-release\/<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jmultiplehotelreservation\/","recommendation":"update","vulnerable_version":"6.0.3","patch_version":"6.0.4","update_notice":"http:\/\/www.cmsjunkie.com\/blog\/joomla-hotel-reservation-6-0-4-release\/","install_data":{"name":"JHotelReservation","type":"component","creationDate":"September 2010","author":"CMSJunkie","copyright":"(C) CMSJunkie. 
All rights reserved.","authorUrl":"www.cmsjunkie.com","group":""},"created":"2017-03-15T00:00:00+00:00","modified":"2017-05-20T21:10:20+00:00","statusText":"Resolved"},{"id":"465","title":" Myportfolio,3.0.2,SQL Injection","description":"<p>Myportfolio,3.0.2,SQL Injection<br \/><br \/>Developer statement<\/p>\r\n<p>new version number 3.0.3 Update Notice URL https:\/\/www.samybaxy.net\/<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/directory-a-documentation\/portfolio\/myportfolio\/","vulnerable_version":"3.0.2","patch_version":"3.0.3","update_notice":"Update Notice URL https:\/\/www.samybaxy.net\/","created":"2017-05-01T00:00:00+00:00","modified":"2017-05-11T09:50:06+00:00","statusText":"Resolved"},{"id":"466","title":"Extra Search by Joomlaboat,2.2.8 and previous,SQL Injection","description":"<p>Extra Search by Joomlaboat, 2.2.8 and previous, SQL Injection<\/p>","status":"1","vulnerable_version":"2.2.8","install_data":{"name":"ExtraSearch","type":"component","creationDate":"February 2011","author":"DesignCompass corp","copyright":"Copyright (C) Design Compass corp. 
All rights reserved.","authorUrl":"http:\/\/compass.com.pa","group":""},"created":"2017-05-11T00:00:00+00:00","modified":"2017-05-11T09:49:30+00:00","statusText":"Live"},{"id":"463","title":"Joomla Modern Booking,1.0,SQL Injection","description":"<p>Joomla Modern Booking,1.0,SQL Injection<br \/><br \/><\/p>\r\n<p>new version number 2.0.0<\/p>\r\n<p>\u00a0<\/p>\r\n<p>UpdateNotice URL<\/p>\r\n<p>\u00a0<\/p>\r\n<p><a href=\"https:\/\/www.unikalus.com\/announcements.html\">https:\/\/www.unikalus.com\/announcements.html<\/a><\/p>\r\n<p>\u00a0<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/booking-a-reservations\/modern-booking\/","created":"2017-04-09T13:41:18+00:00","modified":"2017-04-15T22:05:29+00:00","statusText":"Resolved"},{"id":"462","title":"JobGrok,versions 3.1, SQL Injection","description":"<div>JobGrok Listing - V3.1-1.2.58 (and prior was vulnerable) - com_jobgroklist<\/div>\r\n<div>Resolution: update to V3.1-1.2.59<\/div>\r\n<div>\u00a0<\/div>\r\n<div>JobGrok Application - V3.1-1.2.55 (and prior was vulnerable) - com_jobgrokapp<\/div>\r\n<div>Resolution: update to V3.1-1.2.56<\/div>\r\n<div>\u00a0<\/div>\r\n<div>JobGrok Premium - V3.1-1.6.69 (and prior was vulnerable) - com_jobgrok<\/div>\r\n<div>Resolution: update to V3.1-1.6.70<\/div>\r\n<p>Update Notice: http:\/\/www.tk-tek.com\/security-fix-2017-04-03<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/job-grok-app\/","recommendation":"update","patch_version":"3.1-1.2.5","update_notice":"http:\/\/www.tk-tek.com\/n\/file\/view\/43\/4","install_data":{"name":"com_jobgrokapp","type":"component","creationDate":"November 18, 2014, 3:25 am","author":"TK Tek, LLC.","copyright":"Copyright {c} 2008-2014","authorUrl":"","group":""},"created":"2017-04-03T00:00:00+00:00","modified":"2017-04-04T19:41:57+00:00","statusText":"Resolved"},{"id":"460","title":"OrdaSoft CCK,2.0.4,SQL Injection","description":"<p>OrdaSoft CCK, 2.0.4, SQL 
Injection<\/p>\r\n<p>Resolution: update to 2.0.5<\/p>\r\n<p>Update notice: http:\/\/ordasoft.com\/News\/News\/os-cck-content-construction-kit-for-joomla-security-update.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/ordasoft-cck\/","recommendation":"update","vulnerable_version":"2.0.4","patch_version":"2.0.5","update_notice":"http:\/\/ordasoft.com\/News\/News\/os-cck-content-construction-kit-for-joomla-security-update.html","install_data":{"name":"COM_OS_CCK","type":"component","creationDate":"March 2017","author":"Andrey Kvasnevskiy, Roman Akoev, Buchastiy Sergey","copyright":"Ordasoft - Andrey Kvasnevskiy","authorUrl":"http:\/\/www.ordasoft.com","group":""},"created":"2017-03-18T00:00:00+00:00","modified":"2017-03-28T22:03:36+00:00","statusText":"Resolved"},{"id":"457","title":"AppointmentBookingPro,4.0.1,SQL Injection","description":"<p>AppointmentBookingPro, 4.0.1, SQL Injection<\/p>\r\n<p>Resolution: update to 4.0.2 (RC2)<\/p>\r\n<p>Update notice: https:\/\/appointmentbookingpro.com\/support2\/an2\/17169-joomla-vel.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/booking-a-reservations\/appointmentbookingpro\/","vulnerable_version":"4.0.2 (RC1","patch_version":"4.0.2 (RC2","update_notice":"https:\/\/appointmentbookingpro.com\/support2\/an2\/17169-joomla-vel.html","install_data":{"name":"com_rsappt_pro3","type":"component","creationDate":"July 2016","author":"Soft Ventures, Inc.","copyright":"Copyright(C) 2008 - 2016 Soft Ventures, Inc. All rights reserved","authorUrl":"www.softventures.com","group":""},"created":"2017-03-16T00:00:00+00:00","modified":"2017-03-24T19:07:49+00:00","statusText":"Resolved"},{"id":"461","title":"Membership Pro and other OS Solution extensions","description":"<p>Os Solution products have fixed an issue in the Paypal payment gateway in five of their extensions and made new releases to fix it:-<\/p>\r\n<p>1. 
Events Booking version 2.14.2 https:\/\/www.joomdonation.com\/forum\/events-booking-general-discussion\/57320-events-booking-version-2-14-2-released.html<br \/><br \/>2. Membership Pro version 2.8.3 https:\/\/www.joomdonation.com\/forum\/membership-pro\/57321-membership-pro-version-2-8-3-released.html<br \/><br \/>3. Eshop version 2.5.4 https:\/\/www.joomdonation.com\/forum\/released-versions\/57293-eshop-2-5-4-was-released-at-21-march-2017.html#96127<\/p>\r\n<p>4. OS Services Booking 2.5.3 https:\/\/www.joomdonation.com\/forum\/os-services-booking\/57336-version-2-5-3-paypal-security-announcement.html<br \/><br \/>5. Joom Donation version 4.6 https:\/\/www.joomdonation.com\/forum\/joom-donation\/57334-version-4-6-paypal-security-announcement.html<br \/><br \/><\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/e-commerce\/membership-a-subscriptions\/membership-pro\/","created":"2017-03-21T23:51:11+00:00","modified":"2017-03-23T12:10:04+00:00","statusText":"Resolved"},{"id":"441","title":"MediaLibrary,3.5.4, SQL Injection","description":"<p>MediaLibrary by Ordasoft, 3.5.4, SQL Injection<\/p>\r\n<p>Resolution: update to 3.5.5<\/p>\r\n<p>Update notice: http:\/\/ordasoft.com\/News\/News\/media-library-security-update.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/education-a-culture\/medialibrary-basic\/","recommendation":"update","vulnerable_version":"3.5.4","patch_version":"3.5.5","update_notice":"http:\/\/ordasoft.com\/News\/News\/media-library-security-update.html","install_data":{"name":"MediaLibrary","type":"component","creationDate":"March 2017","author":"Rob de Cleen, Andrey Kvasnevskiy","copyright":"This component is released under License from included LICENSE.txt file","authorUrl":"http:\/\/www.ordasoft.com","group":""},"created":"2017-03-08T00:00:00+00:00","modified":"2017-03-22T21:35:41+00:00","statusText":"Resolved"},{"id":"442","title":"Real Estate Manager,3.9.7,SQL 
Injection","description":"<p>Real Estate Manager by Ordasoft, 3.9.7, SQL Injection<\/p>\r\n<p>Resolution: update to 3.9.8<\/p>\r\n<p>Update notice: http:\/\/ordasoft.com\/News\/News\/real-estate-manager-security-update.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/real-estate\/realestatemanager-basic\/","vulnerable_version":"3.9.7","patch_version":"3.9.8","update_notice":"http:\/\/ordasoft.com\/News\/News\/real-estate-manager-security-update.html","install_data":{"name":"RealEstateManager","type":"component","creationDate":"March 2017","author":"Rob de Cleen, Andrey Kvasnevskiy","copyright":"ordasoft - Andrey Kvasnevskiy ","authorUrl":"http:\/\/www.ordasoft.com","group":""},"created":"2017-03-09T00:00:00+00:00","modified":"2017-03-22T21:27:56+00:00","statusText":"Resolved"},{"id":"436","title":"Canonical Url,4.1.1,SQL Injection","description":"<p>Canonical Url by CMSPlugin.com, 4.1.1, SQL Injection<\/p>\r\n<p>Resolution: update to 4.2.1<\/p>\r\n<p>Update notice: https:\/\/www.cmsplugin.com\/products\/components\/4-canonical-url<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/canonical-url\/","vulnerable_version":"4.1.1","patch_version":"4.2.1","update_notice":"https:\/\/www.cmsplugin.com\/products\/components\/4-canonical-url","install_data":{"name":"com_canonical","type":"component","creationDate":"March 2017","author":"CMSPlugin.com","copyright":"CMSPlugin.com","authorUrl":"http:\/\/www.cmsplugin.com","group":""},"created":"2017-03-06T00:00:00+00:00","modified":"2017-03-21T16:31:26+00:00","statusText":"Resolved"},{"id":"459","title":"Directorix Directory Manager,1.1.1,SQL Injection","description":"<p>Directorix Directory Manager,1.1.1,SQL 
Injection<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/directory-a-documentation\/address-book\/directorix-directory-manager\/","created":"2017-03-18T10:33:40+00:00","modified":"2017-03-20T11:42:13+00:00","statusText":"Live"},{"id":"454","title":"Smart related articles ,1.1,SQL Injection and XSS","description":"<p>Smart related articles by Iacopo Guarneri, 1.1,SQL Injection and XSS<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/news-display\/articles-display\/smart-related-articles\/","install_data":{"name":"Button - Smart Related Articles","type":"plugin","creationDate":"20140910","author":"Iacopo Guarneri","copyright":"","authorUrl":"http:\/\/www.iacopo-guarneri.me\/","group":""},"created":"2017-03-14T00:00:00+00:00","modified":"2017-03-20T11:41:24+00:00","statusText":"Live"},{"id":"328","title":"AP Portfolio [mod_ap_portfolio], 3.3 and below, XSS (Cross Site Scripting)","description":"<p>AP Portfolio [mod_ap_portfolio], 3.3.1 and below, XSS (Cross Site Scripting)<\/p>\r\n<p>Extension includes vulnerable JS library prettyPhoto<\/p>\r\n<p>Vulnerability fixed in version 3.3.2<\/p>\r\n<p><strong>Update notice:\u00a0<\/strong><a href=\"http:\/\/aplikko.com\/joomla-extensions\/ap-portfolio\">http:\/\/aplikko.com\/joomla-extensions\/ap-portfolio<\/a><\/p>\r\n","status":"2","vulnerable_version":"3.3.1","patch_version":"3.3.2","update_notice":"http:\/\/aplikko.com\/joomla-extensions\/ap-portfolio","install_data":{"name":"AP Portfolio","type":"module","creationDate":"January 2015","author":"Aplikko","copyright":"Copyright @ 2014 Aplikko.com. 
All rights reserved.","authorUrl":"http:\/\/www.aplikko.com","group":""},"created":"2015-06-20T00:00:00+00:00","modified":"2017-03-18T11:59:44+00:00","statusText":"Resolved"},{"id":"329","title":"Responsive Portfolio Wall [mod_repowa], 1.0 and below, XSS (Cross Site Scripting)","description":"<p>Responsive Portfolio Wall [mod_repowa], 1.0, XSS (Cross Site Scripting)<\/p>\r\n<p>Extension includes vulnerable version of JS library prettyPhoto<\/p>\r\n<p>Vulnerability fixed in version 1.1<\/p>\r\n<p><strong>Update notice:\u00a0<\/strong>http:\/\/www.joomlabusiness.net\/module\/responsive-portfolio-wall<\/p>","status":"2","vulnerable_version":"1.0","patch_version":"1.1","update_notice":"http:\/\/www.joomlabusiness.net\/module\/responsive-portfolio-wall","created":"2015-06-21T00:00:00+00:00","modified":"2017-03-18T11:56:22+00:00","statusText":"Resolved"},{"id":"334","title":"BK Multithumb for Joomla 1.5, 2.5.0.4, XSS (Cross Site Scripting)","description":"<p>BK-Multithumb for Joomla 1.5, 2.5.0.4, XSS (Cross Site Scripting)<\/p>\r\n<p>Extension contains known vulnerable version of JS library prettyPhoto<\/p>\r\n<p>The vulnerability in JS file was patched by extension author on basis of 3.1.2 file.<\/p>\r\n<p><strong>Update notice:<\/strong> <a href=\"http:\/\/joomla.rjews.net\/bk-multithumb\">http:\/\/joomla.rjews.net\/bk-multithumb<\/a>\u00a0<\/p>","status":"2","recommendation":"update","vulnerable_version":"2.5.0.4","patch_version":"2.5.0.5","update_notice":"http:\/\/joomla.rjews.net\/bk-multithumb","created":"2015-06-22T00:00:00+00:00","modified":"2017-03-18T11:53:58+00:00","statusText":"Resolved"},{"id":"320","title":"BK MultiThumb [multithumb], 3.7.1 and below, XSS (Cross Site Scripting)","description":"<p>BK-MultiThumb, 3.7.1 and below, XSS (Cross Site Scripting)<\/p>\r\n<p>Extension contains known vulnerable version of JS library prettyPhoto.<\/p>\r\n<p>The vulnerability in JS file was patched by extension author on basis of 3.1.5 file.<\/p>\r\n<p><strong>Update 
notice:<\/strong>\u00a0<a href=\"http:\/\/joomla.rjews.net\/bk-multithumb\">http:\/\/joomla.rjews.net\/bk-multithumb<\/a><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/bk-multithumb\/","vulnerable_version":"3.7.1","patch_version":"3.7.2","update_notice":"http:\/\/joomla.rjews.net\/bk-multithumb","created":"2015-06-20T00:00:00+00:00","modified":"2017-03-18T11:52:52+00:00","statusText":"Resolved"},{"id":"309","title":"Contus HD Video Share (aka HDVideoShare) by Apptha [com_contushdvideoshare], 3.5 and below, Directory Traversal","description":"<p>Contus HD Video Share by Apptha [com_contushdvideoshare], 3.5 and below, Directory Traversal<\/p>","status":"1","install_data":{"name":"Contus HD Video Share","type":"component","creationDate":"January 2014","author":"Apptha","copyright":"Copyright (C) 2011 Powered by Apptha","authorUrl":"http:\/\/www.apptha.com","group":""},"created":"2015-06-25T00:00:00+00:00","modified":"2017-03-18T11:30:04+00:00","statusText":"Live"},{"id":"443","title":"Vehicle Manager,3.9.4,SQL Injection","description":"<p>Vehicle Manager by Ordasoft,3.9.4, SQL Injection<\/p>\r\n<p>Resolution: update to 3.9.5<\/p>\r\n<p>Update Notice URL<br \/><br \/>http:\/\/ordasoft.com\/News\/News\/vehicle-manager-security-update.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/vehicles\/vehiclemanager-basic\/","vulnerable_version":"3.9.4","patch_version":"3.9.5","update_notice":"UpdateNotice URL http:\/\/ordasoft.com\/News\/News\/vehicle-manager-security-update.html","install_data":{"name":"VehicleManager","type":"component","creationDate":"December 2016","author":"Rob de Cleen, Andrey Kvasnevskiy","copyright":"ordasoft - Andrey Kvasnevskiy ","authorUrl":"http:\/\/www.ordasoft.com","group":""},"created":"2017-03-09T00:00:00+00:00","modified":"2017-03-17T17:45:37+00:00","statusText":"Resolved"},{"id":"440","title":"BookLibrary,3.6.14,SQL Injection","description":"<p>BookLibrary by 
Ordasoft, 3.6.14, SQL Injection<\/p>\r\n<p>Resolution: Update to 3.6.15<\/p>\r\n<p>Update notice: http:\/\/ordasoft.com\/News\/News\/book-library-security-update.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/education-a-culture\/booklibrary-basic\/","vulnerable_version":"3.6.14","patch_version":"3.6.15","update_notice":"http:\/\/ordasoft.com\/News\/News\/book-library-security-update.html","install_data":{"name":"BookLibrary","type":"component","creationDate":"February 2017","author":"Rob de Cleen, Andrey Kvasnevskiy","copyright":"This component is released under License from included LICENSE.txt file","authorUrl":"http:\/\/www.ordasoft.com","group":""},"created":"2017-03-08T00:00:00+00:00","modified":"2017-03-17T17:28:55+00:00","statusText":"Resolved"},{"id":"132","title":"Jinc, ALL,","description":"<p>Jinc ALL - Exploit Type Arbitrary File Creation Vulnerability<\/p>\r\n<p>JINC until version 1.0.1 is affected by a vulnerability providing attackers the ability to update arbitrary files in Joomla! installation. 
This problem is solved in JINC 1.0.2<br \/><a href=\"http:\/\/lhacky.altervista.org\/jextensions\/index.php\/component\/content\/article\/21-news\/jinc\/100-security-issue-on-jinc-1-0-1\">http:\/\/lhacky.altervista.org\/jextensions\/index.php\/component\/content\/article\/21-news\/jinc\/100-security-issue-on-jinc-1-0-1<\/a><\/p>","status":"2","vulnerable_version":"1.0.1","patch_version":"1.0.2","update_notice":"http:\/\/lhacky.altervista.org\/jextensions\/index.php\/component\/content\/article\/21-news\/jinc\/100-security-issue-on-jinc-1-0-1","created":"2013-05-29T00:00:00+00:00","modified":"2017-03-16T14:36:09+00:00","statusText":"Resolved"},{"id":"447","title":"J-Business Directory by CMS Junkie, 4.6.8, SQL Injection","description":"<p>J-Business Directory by CMS Junkie, 4.6.8, SQL Injection<\/p>\r\n<p>Resolution: update to 4.7.3<\/p>\r\n<p>Update Notice URL: http:\/\/www.cmsjunkie.com\/blog\/cat\/news-joomla-business-directory\/post\/joomla_business_directory_4-7-3_release<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/j-businessdirectory\/","vulnerable_version":"4.6.8","patch_version":"4.7.3","update_notice":"http:\/\/www.cmsjunkie.com\/blog\/cat\/news-joomla-business-directory\/post\/joomla_business_directory_4-7-3_release","install_data":{"name":"JBusinessDirectory","type":"component","creationDate":"November 2011","author":"CMSJunkie","copyright":"(C) CMSJunkie. 
All rights reserved.","authorUrl":"www.cmsjunkie.com","group":""},"created":"2017-03-11T00:00:00+00:00","modified":"2017-03-16T12:45:33+00:00","statusText":"Resolved"},{"id":"458","title":"J-Hotel Portal,6.0.2,SQL Injection","description":"<p>J-Hotel Portal by cmsjunkie.com, 6.0.2, SQL Injection<\/p>\r\n","status":"1","created":"2017-03-16T12:02:49+00:00","modified":"2017-03-16T12:06:04+00:00","statusText":"Live"},{"id":"453","title":"OS Property,3.0.9,SQL Injection","description":"<p>OS Property,3.0.9,SQL Injection<\/p>\r\n<p>Resolution: update to 3.10.0<\/p>\r\n<p>Update notice: https:\/\/www.joomdonation.com\/forum\/os-property\/56774-os-property-3-0-9-security-announcement.html<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/os-property\/","vulnerable_version":"3.0.9","patch_version":"3.10.0","update_notice":"https:\/\/www.joomdonation.com\/forum\/os-property\/56774-os-property-3-0-9-security-announcement.html","install_data":{"name":"OS Property Package","type":"package","creationDate":"September 2011","author":"Dang Thuc Dam","copyright":"Copyright (C) 2012 - 2017 Ossolution Team","authorUrl":"http:\/\/www.joomdonation.com","group":""},"created":"2017-03-12T00:00:00+00:00","modified":"2017-03-15T11:08:16+00:00","statusText":"Resolved"},{"id":"451","title":"OS Services Booking,2.5.1,SQL Injection","description":"<p>OS Services Booking by Ossolution, 2.5.1, SQL Injection<\/p>\r\n<p>Resolution: update to 2.5.2<\/p>\r\n<p>Update notice: https:\/\/www.joomdonation.com\/forum\/os-services-booking\/55627-os-services-booking-2-5-2-security-announcement.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/os-services-booking\/","vulnerable_version":"2.5.1","patch_version":"2.5.2","update_notice":"https:\/\/www.joomdonation.com\/forum\/os-services-booking\/55627-os-services-booking-2-5-2-security-announcement.html","install_data":{"name":"Osservicesbooking","type":"component","creationDate":"20.7.2012","author":"Dang Thuc 
Dam","copyright":"(C) 2012-2017 Ossolution.","authorUrl":"www.joomdonation.com","group":""},"created":"2017-03-12T00:00:00+00:00","modified":"2017-03-14T10:35:08+00:00","statusText":"Resolved"},{"id":"408","title":"Joomloc-CAT, version 4.1.3, SQL injection","description":"<p>Joomloc-CAT, version 4.1.3, SQL injection<\/p>\r\n<p>Resolution: update to 4.2.1<\/p>\r\n<p>Update Notice URL<\/p>\r\n<p>http:\/\/www.joomloc.fr.nf\/en\/downloads-products\/file\/joomloc-pro-channel-manager-pms.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/booking-a-reservations\/joomloc-cat\/","vulnerable_version":"4.1.3","patch_version":"4.2.1","update_notice":"http:\/\/www.joomloc.fr.nf\/en\/downloads-products\/file\/joomloc-pro-channel-manager-pms.html","install_data":{"name":"Joomloc","type":"component","creationDate":"29-Sep-2013","author":"Laurent Brossard","copyright":"Copyright (C) 2009 - 2013 Laubrotel.com. All rights reserved.","authorUrl":"http:\/\/www.laubrotel.com","group":""},"created":"2017-02-20T00:00:00+00:00","modified":"2017-03-13T18:32:11+00:00","statusText":"Resolved"},{"id":"450","title":"Joomloc-lite by joomloc.fr,1.3.3,SQL Injection","description":"<p>Joomloc-lite by joomloc.fr, 1.3.3, SQL Injection<\/p>\r\n<p>Resolution: update to 1.4.1<\/p>\r\n<p>Update Notice URL<br \/><br \/>http:\/\/www.joomloc.fr.nf\/telecharger\/file\/joomloc-lite-free-3.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/booking-a-reservations\/joomloc-lite\/","vulnerable_version":"1.3.3","patch_version":"1.4.1","update_notice":"http:\/\/www.joomloc.fr.nf\/telecharger\/file\/joomloc-lite-free-3.html","install_data":{"name":"Joomloc","type":"component","creationDate":"07-Nov-2012","author":"Laubro","copyright":"Copyright (C) 2012 Laubrotel.com. 
All rights reserved.","authorUrl":"http:\/\/www.laubrotel.com","group":""},"created":"2017-03-12T00:00:00+00:00","modified":"2017-03-13T14:41:02+00:00","statusText":"Resolved"},{"id":"452","title":"Most Wanted Real Estate,1.1.0,SQL Injection","description":"<p>Most Wanted Real Estate, 1.1.0, SQL Injection<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/real-estate\/most-wanted-real-estate\/","created":"2017-03-12T17:54:45+00:00","modified":"2017-03-13T11:01:20+00:00","statusText":"Live"},{"id":"449","title":"Google Map Store Locator by Matamko,4.0,SQL Injection","description":"<p>Google Map Store Locator by Matamko, 4.0, SQL Injection<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/google-map-store-locator\/","created":"2017-03-11T12:58:14+00:00","modified":"2017-03-13T10:58:44+00:00","statusText":"Live"},{"id":"448","title":"PayPal IPN for DOCman by shopfiles.com,3.1,SQL Injection","description":"<p>PayPal IPN for DOCman by shopfiles.com, 3.1, SQL Injection<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/extension-specific\/docman-extensions\/paypal-ipn-for-docman\/","created":"2017-03-11T12:47:29+00:00","modified":"2017-03-13T10:57:44+00:00","statusText":"Live"},{"id":"446","title":"Alta User Points,1.1.7,SQL Injection","description":"<p>Alta User Points, 1.1.7, SQL Injection<\/p>\r\n<p>Resolution: update to 1.1.8<\/p>\r\n<p>Update Notice 
URL<\/p>\r\n<p>https:\/\/www.nordmograph.com\/extensions\/index.php?option=com_virtuemart&view=productdetails&virtuemart_product_id=120&virtuemart_category_id=8&Itemid=58<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/e-commerce\/credits-a-point-systems\/altauserpoints\/","vulnerable_version":"1.1.7","patch_version":"1.1.8","update_notice":"https:\/\/www.nordmograph.com\/extensions\/index.php?option=com_virtuemart&view=productdetails&virtuemart_product_id=120&virtuemart_category_id=8&Itemid=58","install_data":{"name":"AltaUserPoints","type":"component","creationDate":"2016-02-12","author":"Bernard Gilly - Adrien Roussel","copyright":"2015-2017 Bernard Gilly - Adrien Roussel - All Rights Reserved","authorUrl":"https:\/\/www.nordmograph.com\/extensions","group":""},"created":"2017-03-09T00:00:00+00:00","modified":"2017-03-10T16:48:44+00:00","statusText":"Resolved"},{"id":"411","title":"GPS Tools v4.0.1,4.0.1,SQL Injection","description":"<p>GPS Tools v4.0.1,4.0.1,SQL Injection<\/p>\r\n<p><a href=\"https:\/\/www.corejoomla.com\/news\/1163-gps-tools-v4-0-2-is-released.html\">Developer release statement<\/a> to the vel team<\/p>\r\n<h3>https:\/\/www.corejoomla.com\/news\/1163-gps-tools-v4-0-2-is-released.html<\/h3>","status":"2","jed":"https:\/\/extensions.joomla.org\/index.php?option=com_jed&view=extension&layout=default&id=5371&Itemid=145","vulnerable_version":"4.0.1","patch_version":"4.0.2","update_notice":"https:\/\/www.corejoomla.com\/news\/1163-gps-tools-v4-0-2-is-released.html","install_data":{"name":"GPS Tools Package","type":"package","creationDate":"2016-Dec-05","author":"Maverick","copyright":"","authorUrl":"","group":""},"created":"2017-02-26T09:59:24+00:00","modified":"2017-03-10T11:23:27+00:00","statusText":"Resolved"},{"id":"433","title":"JO Facebook gallery,4.5,SQL Injection","description":"<p>JO Facebook gallery by Joomcore.com, 4.5,SQL Injection<\/p>\r\n<p>resolution: update to 4.6<\/p>\r\n<p>Update 
Notice URL<br \/><br \/>http:\/\/joomcore.com\/news-updates\/item\/109-update-jo-facebook-gallery-to-version-4-6-fixed-problem-sql-injection-in-version-4-5<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/social-web\/social-media\/jo-facebook-gallery\/","vulnerable_version":"4.5","patch_version":"4.6","update_notice":"http:\/\/joomcore.com\/news-updates\/item\/109-update-jo-facebook-gallery-to-version-4-6-fixed-problem-sql-injection-in-version-4-5","install_data":{"name":"jofacebookgallery","type":"component","creationDate":"7th March, 2017","author":"http:\/\/www.joomcore.com\/","copyright":"http:\/\/www.joomcore.com. All rights reserved.","authorUrl":"http:\/\/www.joomcore.com\/","group":""},"created":"2017-03-06T11:36:00+00:00","modified":"2017-03-10T11:21:31+00:00","statusText":"Resolved"},{"id":"445","title":"Eventix Events Calendar by Informafix,1.0,SQL Injection","description":"<p>Eventix Events Calendar by Informafix, 1.0, SQL Injection<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/calendars-a-events\/events\/eventix-events-calendar\/","created":"2017-03-09T23:01:21+00:00","modified":"2017-03-10T11:02:10+00:00","statusText":"Live"},{"id":"444","title":"Magic Deals Web by Jason Web Design,1.2.0,SQL Injection","description":"<p>Magic Deals Web by Jason Web Design, 1.2.0, SQL Injection<\/p>\r\n","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/e-commerce\/gifts-a-coupons\/magic-deals-web\/","created":"2017-03-09T22:45:47+00:00","modified":"2017-03-10T11:01:25+00:00","statusText":"Live"},{"id":"407","title":"JomWall, 4.1.1,SQL Injection","description":"<p>JomWall version 4.1.1 and previous, SQL Injection<\/p>\r\n<p>resolution: update to 4.1.2<\/p>\r\n<p>update notice: 
https:\/\/dashbite.com\/news\/jomwall-security-fix-new-version-4-1-2<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/clients-a-communities\/communities\/jomwall\/","recommendation":"update","vulnerable_version":"4.1.1","patch_version":"4.1.2","update_notice":"https:\/\/dashbite.com\/news\/jomwall-security-fix-new-version-4-1-2","install_data":{"name":"com_awdwall","type":"component","creationDate":"04\/08\/2013","author":"Dashbite","copyright":"Copyright 2009 - 2017 Dashbite.com. All Rights Reserved.","authorUrl":"Dashbite.com","group":""},"created":"2017-02-20T11:25:24+00:00","modified":"2017-03-08T11:21:33+00:00","statusText":"Resolved"},{"id":"439","title":"MultiTier,3.1,SQL Injection","description":"<p>MultiTier by Beesto.com, 3.1, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/ads-a-affiliates\/affiliate-systems\/multitier\/","vulnerable_version":"3.1","created":"2017-03-08T00:00:00+00:00","modified":"2017-03-08T11:19:35+00:00","statusText":"Live"},{"id":"437","title":"Street Guesser,1.1.7,SQL Injection","description":"<p>Street Guesser by Nordmograph,1.1.7,SQL Injection<\/p>\r\n<p>resolution: update to 1.1.8<\/p>\r\n<p>update notice: https:\/\/www.nordmograph.com\/extensions\/index.php?option=com_virtuemart&view=productdetails&virtuemart_product_id=160&virtuemart_category_id=1&Itemid=58<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/sports-a-games\/streetguessr-game\/","recommendation":"update","vulnerable_version":"1.1.7","patch_version":"1.1.8","update_notice":"https:\/\/www.nordmograph.com\/extensions\/index.php?option=com_virtuemart&view=productdetails&virtuemart_product_id=160&virtuemart_category_id=1&Itemid=58","install_data":{"name":"com_streetguess","type":"component","creationDate":"2016-08-09","author":"Nordmograph","copyright":"2017 
Nordmograph","authorUrl":"https:\/\/www.nordmograph.com\/extensions","group":""},"created":"2017-03-07T00:00:00+00:00","modified":"2017-03-07T12:49:30+00:00","statusText":"Resolved"},{"id":"432","title":"community quiz,4.4.1,SQL Injection","description":"<p>community quiz by corejoomla.com, 4.4.1, SQL Injection<\/p>\r\n<p>Resolution: update to 4.4.2<\/p>\r\n<p>Update Notice:<br \/><br \/>https:\/\/www.corejoomla.com\/news\/1164-community-quiz-v4-4-2-is-released.html<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/living\/education-a-culture\/community-quiz\/","recommendation":"update","vulnerable_version":"4.4.1","patch_version":"4.4.2","update_notice":"https:\/\/www.corejoomla.com\/news\/1164-community-quiz-v4-4-2-is-released.html","install_data":{"name":"Community Quiz","type":"component","creationDate":"2017-Mar-06","author":"Maverick","copyright":"Copyright corejoomla.com. All rights reserved.","authorUrl":"http:\/\/www.corejoomla.org","group":""},"created":"2017-03-05T00:00:00+00:00","modified":"2017-03-06T22:42:18+00:00","statusText":"Resolved"},{"id":"422","title":"guesser, 1.0.4","description":"<p>guesser by bitsgeo.com, 1.0.4, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/marketing\/guesser\/","vulnerable_version":"1.0.4","created":"2017-03-05T00:00:00+00:00","modified":"2017-03-06T12:08:32+00:00","statusText":"Live"},{"id":"424","title":"recipe manager, 2.2","description":"<p>recipe manager by joomla6teen.com, 2.2, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/vertical-markets\/thematic-directory\/recipe-manager\/","vulnerable_version":"2.2","created":"2017-03-05T00:00:00+00:00","modified":"2017-03-06T12:07:19+00:00","statusText":"Live"},{"id":"420","title":"Coupon manager, 3.5","description":"<p>Coupon manager by joomla6teen.com, 3.5, SQL 
Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/e-commerce\/gifts-a-coupons\/coupon\/","vulnerable_version":"3.5","created":"2017-03-05T00:00:00+00:00","modified":"2017-03-06T12:04:53+00:00","statusText":"Live"},{"id":"426","title":"Abstract manager, 2.1","description":"<p>Abstract manager by joomla6teen.com, 2.1, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/calendars-a-events\/events\/abstract-manager\/","vulnerable_version":"2.1","created":"2017-03-05T00:00:00+00:00","modified":"2017-03-06T12:02:17+00:00","statusText":"Live"},{"id":"430","title":"Ajax search for K2, 2.2","description":"<p>Ajax search for K2 by taleia.software, 2.2, SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/extension-specific\/k2-extensions\/ajax-search-for-k2\/","vulnerable_version":"2.2","created":"2017-03-05T00:00:00+00:00","modified":"2017-03-06T11:58:15+00:00","statusText":"Live"},{"id":"310","title":"SimpleImageUpload by Tuts4You, 1.2 and below, Other","description":"<p>SimpleImageUpload by Tuts4You, 1.2, Other<\/p>","status":"1","vulnerable_version":"1.2","install_data":{"name":"SimpleImageUpload","type":"component","creationDate":"08.02.2012","author":"Mathias Hortig","copyright":"Copyright (C) 2011 http:\/\/tuts4you.de\/ All rights reserved.\n\t","authorUrl":"http:\/\/tuts4you.de\/","group":""},"created":"2015-06-26T00:00:00+00:00","modified":"2017-02-20T13:45:44+00:00","statusText":"Live"},{"id":"336","title":"BT Portfolio,3.0.5 and below,Other","description":"<p>BT Portfolio,3.0.5 and below,Other<\/p>\r\n<p>Resolution: update to 3.0.6 or later<\/p>\r\n<p>Update notice: 
http:\/\/bowthemes.com\/bt-portfolio-version-3.0.6.4.6-released.html<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/bt-portfolio\/","recommendation":"update","vulnerable_version":"3.0.5","patch_version":"3.0.6","update_notice":"http:\/\/bowthemes.com\/bt-portfolio-version-3.0.6.4.6-released.html","install_data":{"name":"Bt_Portfolio","type":"component","creationDate":"February 2012","author":"Bowthemes","copyright":"Copyright \u00a9 2011 Bow Themes","authorUrl":"http:\/\/www.bowthemes.com","group":""},"created":"2015-06-26T00:00:00+00:00","modified":"2017-02-20T13:40:13+00:00","statusText":"Resolved"},{"id":"343","title":"Helpdesk Pro by Ossolution Team [com_helpdeskpro], before 1.4.0, multiple vulns","description":"<p>Helpdesk Pro by Ossolution Team [com_helpdeskpro], before 1.4.0, multiple vulns<\/p>\r\n<p>Vulnerabilities:<\/p>\r\n<ul>\r\n<li>Direct Object References<\/li>\r\n<li>Cross-Site Scripting<\/li>\r\n<li>SQL Injection<\/li>\r\n<li>Local file disclosure\/Path traversal<\/li>\r\n<li>File Upload<\/li>\r\n<\/ul>\r\n<p><strong>Fixed:<\/strong>\u00a0vulnerability fixed in version\u00a01.4.0<\/p>\r\n<p><strong>Developer's notice:<\/strong>\u00a0http:\/\/joomdonation.com\/forum\/helpdesk-pro\/48029-helpdesk-pro-1-4-0-security-released.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/helpdesk-pro\/","recommendation":"update","vulnerable_version":"1.3.9","patch_version":"1.4.0","update_notice":"http:\/\/joomdonation.com\/forum\/helpdesk-pro\/48029-helpdesk-pro-1-4-0-security-released.html","created":"2015-07-22T00:00:00+00:00","modified":"2017-02-20T12:40:24+00:00","statusText":"Resolved"},{"id":"348","title":"J2Store by Weblogicx India, 3.1.6 and below, SQL Injections","description":"<p>J2Store by Weblogicx India, 3.1.6 and below, SQL Injections<\/p>\r\n<p><strong>Update:<\/strong> vulnerabilities fixed in version 
3.1.7<\/p>\r\n<p><strong>Announcement:<\/strong>\u00a0http:\/\/j2store.org\/j2store-v3.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/j2store\/","recommendation":"update","vulnerable_version":"3.1.6","patch_version":"3.1.7","update_notice":"http:\/\/j2store.org\/j2store-v3.html","install_data":{"name":"J2Store","type":"component","creationDate":"April 2015","author":"Ramesh Elamathi","copyright":"Copyright (c) 2015 Weblogicx India Private Ltd. All rights reserved.","authorUrl":"http:\/\/j2store.org","group":""},"created":"2015-07-23T00:00:00+00:00","modified":"2017-02-20T11:53:58+00:00","statusText":"Resolved"},{"id":"264","title":"J2Store 2.5 to 2.8.3, SQL Injection","description":"<p>J2Store 2.5 to 2.8.3 SQL Injection<\/p>\r\n<p>Update to 2.8.4<\/p>\r\n<p>UpdateNoticeURL<br \/>http:\/\/j2store.org\/blog\/213-security-update-january-2015.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/j2store\/","recommendation":"update","start_version":"2.5","vulnerable_version":"2.8.3","patch_version":"2.8.4","update_notice":"http:\/\/j2store.org\/blog\/213-security-update-january-2015.html","install_data":{"name":"com_j2store","type":"component","creationDate":"November 2014","author":"Sasi varna kumar","copyright":"Copyright (c) 2014 - 2019 Weblogicx India Private Ltd. 
All rights reserved.","authorUrl":"http:\/\/j2store.org","group":""},"created":"2015-01-20T00:00:00+00:00","modified":"2017-02-20T11:50:52+00:00","statusText":"Resolved"},{"id":"349","title":"Event Manager, 2.1.4 and below, multiple vulnerabilities","description":"<p>Event Manager, 2.1.4 and below,\u00a0SQLi and Unrestricted File Upload<\/p>\r\n<p>Fixed in version 2.1.4.2<\/p>\r\n<p><strong>Notice:\u00a0<\/strong>http:\/\/www.joomlaeventmanager.net\/project\/changelog-jem-2<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jem\/","recommendation":"update","vulnerable_version":"2.1.4","patch_version":"2.1.4.2","update_notice":"http:\/\/www.joomlaeventmanager.net\/project\/changelog-jem-2","install_data":{"name":"pkg_jem","type":"package","creationDate":"August 2015","author":"JEM Community","copyright":"Copyright (C) 2013-2015 joomlaeventmanager.net","authorUrl":"http:\/\/www.joomlaeventmanager.net","group":""},"created":"2015-08-17T00:00:00+00:00","modified":"2017-02-17T23:02:30+00:00","statusText":"Resolved"},{"id":"350","title":"Music Collection, 2.4.6 and below, SQL Injection","description":"<p>Music Collection [com_muscol], 2.4.6 and below, SQL Injection<\/p>\r\n<p>Fixed in 2.4.10<\/p>\r\n<p><strong>Notice:\u00a0<\/strong>http:\/\/www.joomlathat.com\/news\/music-collection\/music-collection-2-4-9-released-security-release-2\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/multimedia\/multimedia-players\/music-collection\/","recommendation":"update","vulnerable_version":"2.4.6","patch_version":"2.4.10","update_notice":"http:\/\/www.joomlathat.com\/news\/music-collection\/music-collection-2-4-9-released-security-release-2","install_data":{"name":"MusCol","type":"component","creationDate":"July 2014","author":"JoomlaThat!","copyright":"2009 - 2014, 
JoomlaThat.com","authorUrl":"http:\/\/www.joomlathat.com","group":""},"created":"2015-08-26T00:00:00+00:00","modified":"2017-02-17T22:53:05+00:00","statusText":"Resolved"},{"id":"259","title":"JCE - Joomla Content Editor 2.4.5 and previous","description":"<p>Versions 2.4.5 and previous<\/p>\r\n<p>Update to Version 2.4.6 improves security in add-on installation system<\/p>\r\n<p>UpdateNoticeURL<br \/>https:\/\/www.joomlacontenteditor.net\/news\/item\/jce-246-released<br \/><br \/><br \/><br \/><br \/><br \/><\/p>\r\n<p>\u00a0<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/edition\/editors\/jce\/","recommendation":"update","vulnerable_version":"2.4.5","patch_version":"2.4.6","update_notice":"https:\/\/www.joomlacontenteditor.net\/news\/item\/jce-246-released","install_data":{"name":"JCE","type":"component","creationDate":"09 December 2014","author":"Ryan Demmer","copyright":"Copyright (C) 2006 - 2014 Ryan Demmer. All rights reserved","authorUrl":"www.joomlacontenteditor.net","group":""},"created":"2015-01-19T00:00:00+00:00","modified":"2017-02-17T22:49:14+00:00","statusText":"Resolved"},{"id":"352","title":"JCE - A Content Editor for Joomla, 2.5.0, 2.5.1, 2.5.2","description":"<p>JCE - A Content Editor for Joomla, vulnerable versions: 2.5.0, 2.5.1, 2.5.2,<\/p>\r\n<p>Vulnerability type: other<\/p>\r\n<p>Resolution: update to version 2.5.3<\/p>\r\n<p>Update Notice URL<br \/>https:\/\/www.joomlacontenteditor.net\/news\/item\/jce-253-released<\/p>\r\n<p>Developer says that versions prior to 2.5.0 do not appear to be affected, but all users are advised to upgrade to 
2.5.3<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/edition\/editors\/jce\/","recommendation":"update","start_version":"2.5.0","vulnerable_version":"2.5.2","patch_version":"2.5.3","update_notice":"https:\/\/www.joomlacontenteditor.net\/news\/item\/jce-253-released","install_data":{"name":"JCE","type":"component","creationDate":"05 June 2015","author":"Ryan Demmer","copyright":"Copyright (C) 2006 - 2015 Ryan Demmer. All rights reserved","authorUrl":"www.joomlacontenteditor.net","group":""},"created":"2015-09-02T00:00:00+00:00","modified":"2017-02-17T22:48:45+00:00","statusText":"Resolved"},{"id":"353","title":"Joomla GoogleSearch (CSE), 3.0.2 and below, any Joomla","description":"<p>Joomla GoogleSearch (CSE), 3.0.2 and below, any Joomla, XSS (Cross Site Scripting)<\/p>\r\n<p>Resolution: update to version 3.0.4<\/p>\r\n<p>Update Notice:\u00a0http:\/\/www.kksou.com\/php-gtk2\/joomla-news\/important-notice-googlesearch-cse-component.php\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/googlesearch-cse-component\/","vulnerable_version":"3.0.2","patch_version":"3.0.4","update_notice":"http:\/\/www.kksou.com\/php-gtk2\/joomla-news\/important-notice-googlesearch-cse-component.php","created":"2015-09-02T00:00:00+00:00","modified":"2017-02-17T22:37:33+00:00","statusText":"Resolved"},{"id":"406","title":"JE Property Finder, 1.6.3","description":"<p>JE Property Finder,1.6.3,SQL Injection<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/je-property-finder\/","vulnerable_version":"1.6.3","install_data":{"name":"JE Property Finder","type":"component","creationDate":"18\/11\/2009","author":"Hardik Mistry","copyright":"Copyright (C) 2009 - 2010 Open Source Matters. 
All rights reserved.","authorUrl":"www.joomlaextensions.co.in","group":""},"created":"2017-02-14T00:00:00+00:00","modified":"2017-02-17T22:03:13+00:00","statusText":"Live"},{"id":"344","title":"Huge IT Slider,1.0.9,SQL Injection","description":"<p>Huge IT Slider,1.0.9,SQL Injection<\/p>\r\n<p>Resolution: update to 1.1.0<\/p>\r\n<p>update notice: https:\/\/huge-it.com\/joomla-extensions-security-notice\/<\/p>","status":"2","recommendation":"update","vulnerable_version":"1.0.9","patch_version":"1.1.0","update_notice":"https:\/\/huge-it.com\/joomla-extensions-security-notice\/","install_data":{"name":"COM_SLIDER","type":"component","creationDate":"January 2015","author":"Huge-IT","copyright":"Copyright (C) 2013 Huge-IT.com 2013. All rights reserved.","authorUrl":"http:\/\/www.huge-it.com","group":""},"created":"2016-09-27T00:00:00+00:00","modified":"2017-02-17T21:46:05+00:00","statusText":"Resolved"},{"id":"337","title":"Huge IT Catalog,1.0.6,SQL Injection","description":"<p>Huge IT Catalog,1.0.6 and previous versions ,SQL Injection and XSS vulnerability<\/p>\r\n<p>Resolution: update to 1.0.8<\/p>\r\n<p>Update notice: https:\/\/huge-it.com\/joomla-extensions-security-notice\/<\/p>\r\n<p>\u00a0<\/p>","status":"2","recommendation":"update","vulnerable_version":"1.0.6","patch_version":"1.0.8","update_notice":"https:\/\/huge-it.com\/joomla-extensions-security-notice\/","install_data":{"name":"COM_CATALOG","type":"component","creationDate":"January 2015","author":"Huge-IT","copyright":"Copyright (C) 2013 Huge-IT.com 2013. 
All rights reserved.","authorUrl":"http:\/\/www.huge-it.com","group":""},"created":"2016-08-13T00:00:00+00:00","modified":"2017-02-17T21:31:36+00:00","statusText":"Resolved"},{"id":"339","title":"Huge IT Video Gallery,1.1.1,XSS (Cross Site Scripting)","description":"<p>Huge IT Video Gallery,1.1.1,XSS (Cross Site Scripting)<\/p>\r\n<p>Also versions 1.0.9 and previous have SQL injection vulnerability<\/p>\r\n<p>Resolution: update to version 1.1.3<\/p>\r\n<p>Update notice: https:\/\/huge-it.com\/joomla-extensions-security-notice\/<\/p>","status":"2","vulnerable_version":"1.1.1","patch_version":"1.1.3","update_notice":"https:\/\/huge-it.com\/joomla-extensions-security-notice\/","install_data":{"name":"COM_VIDEOGALLERYLITE","type":"component","creationDate":"January 2015","author":"Huge-IT","copyright":"Copyright (C) 2013 Huge-IT.com 2013. All rights reserved.","authorUrl":"http:\/\/www.huge-it.com","group":""},"created":"2016-09-24T00:00:00+00:00","modified":"2017-02-17T21:27:44+00:00","statusText":"Resolved"},{"id":"258","title":"JEvents pre 3.1.37","description":"<p>Version 3.1.37 eliminates a low risk theoretical XSS exploit and SQL injection exploit.<\/p>\r\n<p>UpdateNoticeURL<br \/>https:\/\/www.jevents.net\/jevnews\/234-jevents-32<br \/><br \/>{ttweet}{fsubscribe}<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jevents\/","vulnerable_version":"3.1.36","patch_version":"3.1.37","update_notice":"https:\/\/www.jevents.net\/jevnews\/234-jevents-32","created":"2015-01-19T00:00:00+00:00","modified":"2017-02-15T13:46:16+00:00","statusText":"Resolved"},{"id":"354","title":"JEvents, pre 3.2.20","description":"<p>Extension: JEvents from jevents.net<\/p>\r\n<p>Vulnerability: SQL injection<\/p>\r\n<p>Versions affected prior to 3.2.20<\/p>\r\n<p>Resolution: update to 3.2.20 - JEvents 3.4.0RC6 is also available for Joomla 3.4+ which fixes the same security issue.<\/p>\r\n<p>Update notice 
URL:\u00a0https:\/\/www.jevents.net\/component\/zoo\/item\/jevents-33\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jevents\/","recommendation":"update","vulnerable_version":"3.2.19","patch_version":"3.2.20","update_notice":"https:\/\/www.jevents.net\/component\/zoo\/item\/jevents-33","install_data":{"name":"JEvents Package","type":"package","creationDate":"January 2015","author":"Geraint Edwards","copyright":"(C) 2012-2015 GWE Systems Ltd","authorUrl":"www.gwesystems.com","group":""},"created":"2015-09-03T00:00:00+00:00","modified":"2017-02-15T13:44:31+00:00","statusText":"Resolved"},{"id":"355","title":"Master User, versions before 2.1.4","description":"<p>Versions before 2.1.4 suffered from an issue with insecure default settings, the issue affects Joomla 3.4 sites only, but users are advised by the developer to update anyway.<\/p>\r\n<p>Resolution: Update to version 2.1.4<\/p>\r\n<p>Update notice URL: https:\/\/www.spiralscripts.co.uk\/News\/security-release-master-user-plugin.html<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/profile\/extension\/access-a-security\/site-access\/master-user\/","vulnerable_version":"2.1.3","patch_version":"2.1.4","update_notice":"https:\/\/www.spiralscripts.co.uk\/News\/security-release-master-user-plugin.html","install_data":{"name":"Authentication - Master User","type":"plugin","creationDate":"April 2013","author":"Fiona Coulter","copyright":"(C) 2013 copyright Spiral Scripts. 
All rights reserved.","authorUrl":"www.spiralscripts.co.uk","group":""},"created":"2015-09-08T00:00:00+00:00","modified":"2017-02-15T13:38:28+00:00","statusText":"Resolved"},{"id":"166","title":"extplorer, 2.1.4 and below","description":"<p>extplorer, ID,DT,<\/p>\r\n<p>release of 2.1.5<br \/>http:\/\/extplorer.net\/news\/14<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/extplorer\/","recommendation":"update","vulnerable_version":"2.1.4","patch_version":"2.1.5","update_notice":"http:\/\/extplorer.net\/news\/14","install_data":{"name":"eXtplorer","type":"component","creationDate":"19.12.2013","author":"soeren, QuiX Project","copyright":"Soeren Eberhardt-Biermann, QuiX Project","authorUrl":"http:\/\/extplorer.net\/","group":""},"created":"2013-12-19T00:00:00+00:00","modified":"2017-02-15T13:33:29+00:00","statusText":"Resolved"},{"id":"272","title":"eXtplorer 2.1.6 released","description":"<p>http:\/\/extplorer.net\/news\/15\u00a0\u00a0<\/p>\r\n<p>Please update to this new eXtplorer version as it fixes an XSS security issue. Also the UTF-8 fix is recommended for users with non-ASCII filenames.<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/extplorer\/","recommendation":"update","vulnerable_version":"2.1.5","patch_version":"2.1.6","update_notice":"http:\/\/extplorer.net\/news\/15","install_data":{"name":"eXtplorer","type":"component","creationDate":"19.12.2013","author":"soeren, QuiX Project","copyright":"Soeren Eberhardt-Biermann, QuiX Project","authorUrl":"http:\/\/extplorer.net\/","group":""},"created":"2015-02-01T00:00:00+00:00","modified":"2017-02-15T13:30:54+00:00","statusText":"Resolved"},{"id":"356","title":"Extplorer, 2.1.7 and previous","description":"<p><strong>Developer statement<\/strong><\/p>\r\n<p>eXtplorer 2.1.8 released<\/p>\r\n<p>Today eXtplorer 2.1.8 was released, fixing some minor vulnerabilities. 
Changelog: - added security functions for protection against CSRF attacks - fixed \"directories with the name '0' are not loading\" An update is recommended.<\/p>\r\n<p>http:\/\/extplorer.net\/news\/18\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/extplorer\/","recommendation":"update","vulnerable_version":"2.1.7","patch_version":"2.1.8","update_notice":"http:\/\/extplorer.net\/news\/18 ","install_data":{"name":"eXtplorer","type":"component","creationDate":"22.01.2015","author":"soeren, QuiX Project","copyright":"Soeren Eberhardt-Biermann, QuiX Project","authorUrl":"http:\/\/extplorer.net\/","group":""},"created":"2015-09-11T00:00:00+00:00","modified":"2017-02-15T13:28:14+00:00","statusText":"Resolved"},{"id":"358","title":"Realtyna RPL,8.9.2,Other","description":"<p>Realtyna RPL,8.9.2,Other<\/p>\r\n<p>Resolution: update to 8.9.5<\/p>\r\n<p>Update notice URL http:\/\/rpl.realtyna.com\/Change-Logs\/RPL7-Changelog<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/vertical-markets\/real-estate\/realtyna-rpl\/","recommendation":"update","vulnerable_version":"8.9.2","patch_version":"8.9.5","update_notice":"http:\/\/rpl.realtyna.com\/Change-Logs\/RPL7-Changelog","created":"2015-10-25T00:00:00+00:00","modified":"2017-02-15T13:14:28+00:00","statusText":"Resolved"},{"id":"359","title":"cckseblod 1.x Directory Traversal","description":"<p>com_cckseblod aka seblod 1.x for Joomla 1.5<\/p>\r\n<p>1.9.0 and all previous versions<\/p>\r\n<p>Directory Traversal<\/p>\r\n<p>Resolution: update to 1.9.1<\/p>\r\n<p>Update notice: http:\/\/www.seblod.com\/changelogs?seb_changelog_product=cck_1x<\/p>\r\n<p>Developer states that Seblod 3.x, the version compatible with Joomla 2.5 and 3, is not 
vulnerable<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/profile\/extension\/authoring-a-content\/content-construction\/seblod\/","recommendation":"update","vulnerable_version":"1.9.0","patch_version":"1.9.1","update_notice":"http:\/\/www.seblod.com\/changelogs?seb_changelog_product=cck_1x","created":"2015-11-06T00:00:00+00:00","modified":"2017-02-15T13:09:50+00:00","statusText":"Resolved"},{"id":"360","title":"JNews,8.5.1,SQL Injection","description":"<p>JNews, 8.5.1 and all previous,<\/p>\r\n<p>SQL Injection<\/p>\r\n<p>Resolution: update to 8.7.1<\/p>\r\n<p>Update notice url: http:\/\/www.joobi.co\/blog\/jnews-8-7-released.html<\/p>\r\n<p>Note that due to discrepancy in developer's code between package and repository, some versions of previous security release 8.6.1 are still vulnerable. Therefore users should make sure they update to 8.7.1 to avoid confusion<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jnews\/","vulnerable_version":"8.6.1","patch_version":"8.7.1","update_notice":"http:\/\/www.joobi.co\/blog\/jnews-8-7-released.html","install_data":{"name":"jNews","type":"component","creationDate":"September 2015","author":"Joobi Limited","copyright":"Copyright (C) 2006-2016 Joobi Limited All rights reserved","authorUrl":"http:\/\/www.joobi.co","group":""},"created":"2015-11-09T00:00:00+00:00","modified":"2017-02-14T19:33:49+00:00","statusText":"Resolved"},{"id":"361","title":"Virtuemart 3.0.10 and previous","description":"<p>XSS<\/p>\r\n<p>Resolution: update to 3.0.12 (or 2.6.22 for VM2 users)<\/p>\r\n<p>Update notice: <a href=\"http:\/\/virtuemart.net\/news\/latest-news\/473-security-release-virtuemart-3-0-12\">http:\/\/virtuemart.net\/news\/latest-news\/473-security-release-virtuemart-3-0-12<\/a><\/p>\r\n<p>Note that developer did\u00a0 not inform the 
VEL<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/virtuemart\/","recommendation":"update","vulnerable_version":"3.0.8","patch_version":"3.0.10","update_notice":"http:\/\/virtuemart.net\/news\/latest-news\/473-security-release-virtuemart-3-0-12","install_data":{"name":"VIRTUEMART","type":"component","creationDate":"September 18 2015","author":"The VirtueMart Development Team","copyright":"Copyright (C) 2004-2015 Virtuemart Team. All rights reserved.","authorUrl":"http:\/\/www.virtuemart.net","group":""},"created":"2017-02-02T00:00:00+00:00","modified":"2017-02-14T19:10:53+00:00","statusText":"Resolved"},{"id":"362","title":"Resize Image On The Fly and Cache 1.1.0 and previous","description":"<p>Resize Image On The Fly and Cache - content plugin by s2software.it<\/p>\r\n<p>Version 1.1.0 and likely all previous<\/p>\r\n<p>Open folder permissions<\/p>\r\n<p>Resolution: update to version 1.3.3<\/p>\r\n<p>Existing users will need to manually fix the permissions of folder \/images\/cache to 755 or delete it in order to be recreated by the plugin with the proper permissions<\/p>\r\n<p>Update notice: http:\/\/www.s2software.it\/en\/download\/joomla-image-resize-cache<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/resize-image-on-the-fly-and-cache\/","recommendation":"update and manually fix permissions","vulnerable_version":"1.1.0","patch_version":"1.3.3","update_notice":"http:\/\/www.s2software.it\/en\/download\/joomla-image-resize-cache","install_data":{"name":"plg_content_imgresizecache","type":"plugin","creationDate":"September 2013","author":"S2 Software","copyright":"Copyright (C) 2012 - S2 Software. 
All rights reserved.","authorUrl":"www.s2software.it","group":""},"created":"2015-11-28T00:00:00+00:00","modified":"2017-02-14T19:02:49+00:00","statusText":"Resolved"},{"id":"363","title":"Payment Form, versions before 4.2","description":"<p>Joomdonation extensions, Information Disclosure<\/p>\r\n<p><br \/> <strong>Payment Form<\/strong> versions before 4.2<\/p>\r\n<p>Resolution: update to 4.2<\/p>\r\n<p>Update notice URL: http:\/\/joomdonation.com\/forum\/payment-form\/50514-payment-form-version-4-2-released.html<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/contacts-and-feedback\/forms\/payment-form\/","vulnerable_version":"4.1","patch_version":"4.2","update_notice":"http:\/\/joomdonation.com\/forum\/payment-form\/50514-payment-form-version-4-2-released.html","created":"2015-12-25T10:20:31+00:00","modified":"2017-02-10T12:36:45+00:00","statusText":"Resolved"},{"id":"404","title":"Joom Donation, versions before 4.1, Information Disclosure","description":"<p>Joomdonation extensions, Information Disclosure<\/p>\r\n<p><br \/> <strong>Joom Donation versions before 4.1<\/strong><\/p>\r\n<p>Resolution: update to 4.1<\/p>\r\n<p>Update notice URL: http:\/\/joomdonation.com\/forum\/joom-donation\/50513-joom-donation-version-4-1-released.html<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/e-commerce\/donations\/joom-donation\/","vulnerable_version":"4.0","patch_version":"4.1","update_notice":"http:\/\/joomdonation.com\/forum\/joom-donation\/50513-joom-donation-version-4-1-released.html","created":"2015-12-25T10:20:31+00:00","modified":"2017-02-10T12:33:38+00:00","statusText":"Resolved"},{"id":"402","title":"Eshop, versions before 1.4.4","description":"<p>Joomdonation extensions, Information Disclosure<\/p>\r\n<p>\u00a0<\/p>\r\n<p><strong>Eshop versions before 1.4.4<\/strong><\/p>\r\n<p>Resolution: update to 1.4.4<\/p>\r\n<p>Update notice URL: 
http:\/\/joomdonation.com\/forum\/released-versions\/50510-eshop-1-4-4-was-released-at-december-25-2015.html#73480<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/profile\/extension\/e-commerce\/shopping-cart\/eshop\/","recommendation":"update","vulnerable_version":"1.4.3","patch_version":"1.4.4","update_notice":"http:\/\/joomdonation.com\/forum\/released-versions\/50510-eshop-1-4-4-was-released-at-december-25-2015.html#73480","install_data":{"name":"EShop","type":"component","creationDate":"May 2013","author":"Giang Dinh Truong","copyright":"Copyright (C) 2012 Ossolution Team","authorUrl":"http:\/\/www.joomdonation.com","group":""},"created":"2015-12-25T10:20:31+00:00","modified":"2017-02-10T12:29:22+00:00","statusText":"Resolved"},{"id":"401","title":"Events Booking, versions before 2.1.1","description":"<p>Joomdonation extensions, Information Disclosure<\/p>\r\n<p><strong>Events Booking versions before 2.1.1<\/strong><\/p>\r\n<p>Resolution: update to 2.1.1<\/p>\r\n<p>Update notice URL: http:\/\/joomdonation.com\/forum\/events-booking-general-discussion\/50511-events-booking-version-2-1-1-released.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/event-booking\/","recommendation":"update","vulnerable_version":"2.1.0","patch_version":"2.1.1","update_notice":"http:\/\/joomdonation.com\/forum\/events-booking-general-discussion\/50511-events-booking-version-2-1-1-released.html","created":"2015-12-25T10:20:31+00:00","modified":"2017-02-10T12:28:38+00:00","statusText":"Resolved"},{"id":"403","title":"Membership Pro, versions before 2.1.1","description":"<p>Joomdonation extensions, Information Disclosure<\/p>\r\n<p><strong>Membership Pro versions before 2.1.1<\/strong><\/p>\r\n<p>Resolution: update to 2.1.1<\/p>\r\n<p>Update notice URL: 
http:\/\/joomdonation.com\/forum\/membership-pro\/50512-membership-pro-version-2-1-1-released.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/membership-pro\/","recommendation":"update","vulnerable_version":"2.1.0","patch_version":"2.1.1","update_notice":"http:\/\/joomdonation.com\/forum\/membership-pro\/50512-membership-pro-version-2-1-1-released.html","created":"2015-12-25T10:20:31+00:00","modified":"2017-02-10T12:28:15+00:00","statusText":"Resolved"},{"id":"372","title":" Komento 2.0.6, xss","description":"<p>We just released Komento 2.0.7 to address a security issue where a remote attacker may be able to launch an xss attack in prior versions of Komento.<\/p>\r\n<p>\u00a0<\/p>\r\n<p>update notice: https:\/\/stackideas.com\/blog\/important-komento-2-0-7-security-fix<\/p>\r\n<p>\u00a0<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/contacts-and-feedback\/articles-comments\/komento\/","vulnerable_version":"2.0.6","patch_version":"2.0.7","update_notice":"https:\/\/stackideas.com\/blog\/important-komento-2-0-7-security-fix","created":"2016-04-28T00:00:00+00:00","modified":"2017-02-10T12:10:45+00:00","statusText":"Resolved"},{"id":"364","title":"joomunited SEO Glossary ,pre 2.2.4,Other","description":"<p>joomunited SEO Glossary , pre 2.2.4,Other<br \/><br \/>Developer statement in mass email to registered users<br \/><strong>We just fixed an SEO Glossary vulnerability, an update to version 2.2.4 is required as soon as possible.<br \/>https:\/\/www.joomunited.com\/changelog\/seo-glossary-changelog<br \/><\/strong>Fix informed by user<br \/><br 
\/><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/directory-a-documentation\/glossary\/seo-glossary\/","recommendation":"update","vulnerable_version":"2.2.3","patch_version":"2.2.4","update_notice":"https:\/\/www.joomunited.com\/changelog\/seo-glossary-changelog","created":"2017-02-02T00:00:00+00:00","modified":"2017-02-10T12:05:16+00:00","statusText":"Resolved"},{"id":"197","title":"EasyBlog pre 3.9.15770","description":"<p>EasyBlog<\/p>\r\n<p>Extension Update Details. This fix has been included in EasyBlog 3.9.15770<\/p>\r\n<p><br \/>UpdateNoticeURL<br \/>http:\/\/stackideas.com\/blog\/easyblog-3-9-15770-released<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/easyblog\/","recommendation":"update","vulnerable_version":"3.9.15769","patch_version":"3.9.15770","update_notice":"http:\/\/stackideas.com\/blog\/easyblog-3-9-15770-released","install_data":{"name":"com_easyblog","type":"component","creationDate":"12\/02\/2010","author":"Stack Ideas","copyright":"Copyright 2009-2012 Stack Ideas. 
All rights reserved","authorUrl":"http:\/\/www.stackideas.com","group":""},"created":"2014-05-16T00:00:00+00:00","modified":"2017-02-10T12:00:02+00:00","statusText":"Resolved"},{"id":"365","title":"EasySocial versions before 1.4.7","description":"<p>EasySocial versions before 1.4.7: Code injection<\/p>\r\n<p>Resolution: update to 1.4.7<\/p>\r\n<p>Update notice: http:\/\/stackideas.com\/blog\/critical-update-for-easysocial-update-to-1-4-7-now<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/easysocial\/","recommendation":"update","vulnerable_version":"1.4.6","patch_version":"1.4.7","update_notice":"http:\/\/stackideas.com\/blog\/critical-update-for-easysocial-update-to-1-4-7-now","created":"2016-01-31T00:00:00+00:00","modified":"2017-02-10T11:49:25+00:00","statusText":"Resolved"},{"id":"278","title":"spider random articles 1.5.0 and previous","description":"<p>spider random articles, all versions prior to 1.5.1 SQL Injection<\/p>\r\n<p>\u00a0<\/p>\r\n<p><span style=\"color: #525252; font-family: Tahoma, sans-serif; font-size: 14.4701128005981px; line-height: 20.2581577301025px; text-align: center;\">Version 1.5.1 is a \"Security Release\" and those who use Random Article version under 1.5.1 should upgrade immediately to the latest version!<\/span><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/news-display\/articles-display\/spider-random-article\/","vulnerable_version":"1.5.0","patch_version":"1.5.1","update_notice":"https:\/\/web-dorado.com\/products\/joomla-random.html","install_data":{"name":"COM_RAND","type":"component","creationDate":"February 2012","author":"Web-Dorado","copyright":"Copyright (C) 2012 Web-Dorado.com. 
All rights reserved.","authorUrl":"http:\/\/www.Web-Dorado.com","group":""},"created":"2015-04-07T00:00:00+00:00","modified":"2017-02-10T11:33:01+00:00","statusText":"Resolved"},{"id":"366","title":"Spider random articles before 1.5.3","description":"<p>Spider random articles versions before 1.5.3<\/p>\r\n<p>Resolution: update to 1.5.3<\/p>\r\n<p>Update notice: https:\/\/web-dorado.com\/products\/joomla-random.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/news-display\/articles-display\/spider-random-article\/","recommendation":"update","vulnerable_version":"1.5.2","patch_version":"1.5.3","update_notice":"https:\/\/web-dorado.com\/products\/joomla-random.html","install_data":{"name":"COM_RAND","type":"component","creationDate":"February 2012","author":"Web-Dorado","copyright":"Copyright (C) 2012 Web-Dorado.com. All rights reserved.","authorUrl":"http:\/\/www.Web-Dorado.com","group":""},"created":"2016-02-29T00:00:00+00:00","modified":"2017-02-10T11:29:46+00:00","statusText":"Resolved"},{"id":"400","title":"Jtag Calendar 6.2.4","description":"<p>JTag Calendar versions 6.2.4 and previous<\/p>\r\n<p>Resolution: update to 6.2.5<\/p>\r\n<p>Developer states: Fixed security issue in search functionality<\/p>\r\n<p>Update notice: https:\/\/joomlatag.com\/premium-joomla-extensions\/jtag-calendar-detail.html<\/p>\r\n<p>\u00a0<\/p>\r\n<pre>\u00a0<\/pre>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/calendars-a-events\/events\/jtag-calendar\/","vulnerable_version":"6.2.4","patch_version":"6.2.5","update_notice":"https:\/\/joomlatag.com\/premium-joomla-extensions\/jtag-calendar-detail.html","install_data":{"name":"com_jtagcalendar","type":"component","creationDate":"August 2011","author":"joomlatag.com","copyright":"","authorUrl":"","group":""},"created":"2017-02-09T00:00:00+00:00","modified":"2017-02-09T11:58:26+00:00","statusText":"Resolved"},{"id":"292","title":"Spider Form Maker by Web-Dorado 
[com_formmaker],3.4 and lower","description":"<p>Spider Form Maker by Web-Dorado [com_formmaker],3.4 and lower,SQL Injection<br \/>Developer statement<\/p>\r\n<p><em>This vulnerability was fixed in version 3.4.1 and above. The version 3.4.1 was released on\u00a02014-09-10<\/em><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/form-maker\/","vulnerable_version":"3.4.0","patch_version":"3.4.1","created":"2015-04-14T00:00:00+00:00","modified":"2017-02-09T11:41:35+00:00","statusText":"Resolved"},{"id":"367","title":"Form Maker before 3.6.0","description":"<p>Web Dorado Form Maker versions before 3.6.0 XSS<\/p>\r\n<p>Resolution: update to 3.6.0<\/p>\r\n<p>Update notice: https:\/\/web-dorado.com\/products\/joomla-form.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/form-maker\/","patch_version":"3.6.0","update_notice":"https:\/\/web-dorado.com\/products\/joomla-form.html","created":"2016-02-29T00:00:00+00:00","modified":"2017-02-09T11:39:47+00:00","statusText":"Resolved"},{"id":"368","title":"Breezing Forms Lite","description":"<p>Breezing Forms Lite before build 912<\/p>\r\n<p>Information disclosure<\/p>\r\n<p>Resolution: update to latest version<\/p>\r\n<p>Update notice: https:\/\/crosstec.org\/en\/blog\/859-breezingforms-medium-security-update.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/breezing-forms\/","vulnerable_version":"911","patch_version":"912","update_notice":"https:\/\/crosstec.org\/en\/blog\/859-breezingforms-medium-security-update.html","created":"2016-02-29T00:00:00+00:00","modified":"2017-02-09T11:28:54+00:00","statusText":"Resolved"},{"id":"399","title":"Breezing Forms Full","description":"<p>Breezing Forms Full before build 884<\/p>\r\n<p>Information disclosure<\/p>\r\n<p>Resolution: update to latest version<\/p>\r\n<p>Update notice: 
https:\/\/crosstec.org\/en\/blog\/859-breezingforms-medium-security-update.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/contacts-and-feedback\/forms\/breezing-forms-pro\/","vulnerable_version":"883","patch_version":"884","update_notice":"https:\/\/crosstec.org\/en\/blog\/859-breezingforms-medium-security-update.html","created":"2016-02-29T00:00:00+00:00","modified":"2017-02-09T11:21:57+00:00","statusText":"Resolved"},{"id":"369","title":"JSN Power Admin,2.3.0,XSS (Cross Site Scripting)","description":"<p>JSN Power Admin,2.3.0, XSS (Cross Site Scripting)<\/p>\r\n<p>Resolution: update to 2.3.2<\/p>\r\n<p>Update notice: http:\/\/www.joomlashine.com\/knowledgeportal\/articles\/jsn-poweradmin-vulnerability-problem-solved.html<\/p>\r\n<p>Note that previous security release 2.3.1 is still vulnerable, and should be updated<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jsn-poweradmin\/","vulnerable_version":"2.3.1","patch_version":"2.3.2","update_notice":"http:\/\/www.joomlashine.com\/knowledgeportal\/articles\/jsn-poweradmin-vulnerability-problem-solved.html","install_data":{"name":"PowerAdmin","type":"component","creationDate":"03\/02\/2016","author":"JoomlaShine.com","copyright":"Copyright (c) 2015 - JoomlaShine.com","authorUrl":"http:\/\/www.joomlashine.com","group":""},"created":"2016-02-29T00:00:00+00:00","modified":"2017-02-09T11:15:03+00:00","statusText":"Resolved"},{"id":"326","title":"User Group FTW For Hikashop,1.1.5,Other","description":"<p>User Group FTW For Hikashop, 1.1.5, Other<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/user-group-ftw-for-hikashop\/","vulnerable_version":"1.1.5","created":"2016-04-07T00:00:00+00:00","modified":"2017-02-07T12:42:49+00:00","statusText":"Live"},{"id":"331","title":" Easy Youtube Gallery , 1.0.2,Information Disclosure","description":"<p>Easy Youtube Gallery , 1.0.2,Information 
Disclosure<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/social-web\/social-media\/easy-youtube-gallery\/","vulnerable_version":"1.0.2","install_data":{"name":"com_easy_youtube_gallery","type":"component","creationDate":"2012-12-30","author":"moti","copyright":"Copyright (C) 2012. All rights reserved.","authorUrl":"http:\/\/www.extensioncook.com\/","group":""},"created":"2017-02-02T00:00:00+00:00","modified":"2017-02-07T12:36:18+00:00","statusText":"Live"},{"id":"371","title":"gmapfp,3.39f,XSS (Cross Site Scripting)","description":"<p>gmapfp,3.39f and previous,XSS (Cross Site Scripting) Info disclosure, arbitrary file upload<\/p>\r\n<p>resolution: update to J3.41F<\/p>\r\n<p>update notice: http:\/\/gmapfp.org\/en\/news-of-gmapfp\/39-strengthening-of-the-security-component<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/maps-a-weather\/maps-a-locations\/gmapfp-google-map\/","recommendation":"update","vulnerable_version":"3.39","patch_version":"3.41","update_notice":"http:\/\/gmapfp.org\/en\/news-of-gmapfp\/39-strengthening-of-the-security-component","install_data":{"name":"COM_GMAPFP","type":"component","creationDate":"Avril 2016","author":"Fabrice4821","copyright":"All rights reserved","authorUrl":"http:\/\/www.gmapfp.org","group":""},"created":"2016-04-24T00:00:00+00:00","modified":"2017-02-07T12:33:30+00:00","statusText":"Resolved"},{"id":"357","title":"Komento, 2.0.4 and previous, XSS (Cross Site Scripting)","description":"<p>Stackideas Komento, prior to 2.0.5, XSS (Cross Site Scripting)<\/p>\r\n<p>Resolved in version 2.0.5<\/p>\r\n<p>Update notice:\u00a0<span style=\"font-size: 12.16px; line-height: 
15.808px;\">http:\/\/stackideas.com\/changelog\/komento?version=2.0.5\u00a0<\/span><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extensions\/extension\/contacts-and-feedback\/articles-comments\/komento\/","vulnerable_version":"2.0.4","patch_version":"2.0.5","created":"2015-10-07T00:00:00+00:00","modified":"2017-02-07T12:23:52+00:00","statusText":"Resolved"},{"id":"332","title":"Yeeditor, abandonware","description":"<p>Yeeditor from Yeedeen<\/p>\r\n<p>development apparently abandoned, developer's site is infected with malware<\/p>\r\n<p>All versions prior to 1.0.7 contain file upload vulnerability<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/edition\/editors\/yeeditor\/","recommendation":"uninstall","install_data":{"name":"PLG_EDITORS_YEEDITOR","type":"plugin","creationDate":"DEC 6 2013","author":"YEEDEEN","copyright":"Copyright (C) 2013","authorUrl":"http:\/\/yeeditor.com","group":""},"created":"2016-05-06T00:00:00+00:00","modified":"2017-02-07T11:52:00+00:00","statusText":"Live"},{"id":"373","title":"mod fancy tag cloud,1.017,Other","description":"<p>mod fancy tag cloud (com_offlajn_installer),1.017,Other<\/p>\r\n<p>resolution: update to version 1.020<\/p>\r\n<p>update notice: http:\/\/fancytagcloud.demo.offlajn.com\/index.php\/security-update<\/p>\r\n<p>existing users may also need to fix folder permissions, please contact the developer for further information<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/search-a-indexing\/tags-a-clouds\/fancy-tagcloud\/","vulnerable_version":"1.017","patch_version":"1.020","update_notice":"http:\/\/fancytagcloud.demo.offlajn.com\/index.php\/security-update","install_data":{"name":"Fancy TagCloud","type":"module","creationDate":"2014-01-09","author":"Jeno Kovacs","copyright":"Copyright (C) 
Offlajn.com","authorUrl":"http:\/\/offlajn.com","group":""},"created":"2016-05-21T00:00:00+00:00","modified":"2017-02-07T11:41:45+00:00","statusText":"Resolved"},{"id":"374","title":"SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9","description":"<p>Stored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 (possibly below)<\/p>\r\n<p>resolution: update to version 2.8.10<\/p>\r\n<p>update notice: https:\/\/securitycheck.protegetuordenador.com\/index.php\/downloads\/securitycheck-j3x<\/p>\r\n<p>\u00a0<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/securitycheck\/","vulnerable_version":"2.8.9","patch_version":"2.8.10","update_notice":"https:\/\/securitycheck.protegetuordenador.com\/index.php\/downloads\/securitycheck-j3x","install_data":{"name":"Securitycheck","type":"component","creationDate":"23-05-2016","author":"Jose A. Luque","copyright":"Copyright www.protegetuordenador.com","authorUrl":"http:\/\/www.protegetuordenador.com","group":""},"created":"2016-06-02T00:00:00+00:00","modified":"2017-02-07T11:32:43+00:00","statusText":"Resolved"},{"id":"378","title":"Universal AJAX Live Search, 5.4.0, Other","description":"<p>Universal AJAX Live Search 5.4.0, Other.<br \/>Inadequate permissions<br \/><br \/>Developer states:<\/p>\r\n<ul>\r\n<li>Extension Update Details<\/li>\r\n<li>Folders permissions vulnerability fixed.<\/li>\r\n<\/ul>\r\n<p>Resolution: update to version 5.4.2<\/p>\r\n<p><br \/>UpdateNoticeURL<br 
\/>http:\/\/universalajaxlivesearch.demo.offlajn.com\/index.php\/simple-theme\/security-update<\/p>\r\n","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/search-a-indexing\/site-search\/universal-ajax-live-search\/","vulnerable_version":"5.4.0","patch_version":"5.4.2","update_notice":"http:\/\/universalajaxlivesearch.demo.offlajn.com\/index.php\/simple-theme\/security-update","created":"2016-06-24T00:00:00+00:00","modified":"2017-02-07T11:21:30+00:00","statusText":"Resolved"},{"id":"380","title":"Payplans SQLi","description":"<p>SQL Injection In PayPlans. (readybytes)<br \/>developer update notice.<br \/>http:\/\/www.readybytes.net\/blog\/item\/payplans-sql-injection-blog.html<br \/><br \/>Community notified report<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/payplans\/","update_notice":"http:\/\/www.readybytes.net\/blog\/item\/payplans-sql-injection-blog.html","created":"2016-07-26T00:00:00+00:00","modified":"2017-02-07T11:11:04+00:00","statusText":"Resolved"},{"id":"141","title":"k2, 2.6.6, Open Folder Permissions","description":"<p>k2, Open folder permissions<\/p>\r\n<p>developer notice http:\/getk2.org\/blog\/1432-k2-v267-released-akismet-integrated-new-acl-option-improved-php-54-support<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/k2\/","vulnerable_version":"2.6.6","patch_version":"2.6.7","update_notice":"http:\/getk2.org\/blog\/1432-k2-v267-released-akismet-integrated-new-acl-option-improved-php-54-support","created":"2013-07-03T00:00:00+00:00","modified":"2017-02-07T11:00:05+00:00","statusText":"Resolved"},{"id":"386","title":"ja-k2- filter-and- search, SQL Injection","description":"<p>ja-k2- filter-and- search, version 1.2.2 and all previous<\/p>\r\n<p>SQL Injection<\/p>\r\n<p>Resolution: update to 1.2.5<\/p>\r\n<p>Update 
notice:\u00a0https:\/\/www.joomlart.com\/updates\/joomla-extensions\/important-security-fix-release-ja-k2-filter-component?utm_source=newsletter&utm_medium=email&utm_campaign=k2filtercritical<\/p>\r\n<p>Note that developer did not inform the VEL<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/extension-specific\/k2-extensions\/ja-k2-filter-and-search\/","vulnerable_version":"1.2.2","patch_version":"1.2.5","update_notice":"https:\/\/www.joomlart.com\/updates\/joomla-extensions\/important-security-fix-release-ja-k2-filter-component?utm_source=newsletter&utm_medium=email&utm_campaign=k2filtercritica","install_data":{"name":"com_jak2filter","type":"component","creationDate":"Oct 2015","author":"JoomlArt","copyright":"Copyright (C), J.O.O.M Solutions Co., Ltd. All Rights Reserved.","authorUrl":"http:\/\/www.joomlart.com","group":""},"created":"2016-10-20T00:00:00+00:00","modified":"2017-02-07T10:59:22+00:00","statusText":"Resolved"},{"id":"200","title":"K2 Content Extension, 2.6.8,","description":"<p>K2 Content Extension, 2.6.8, XSS (Cross Site Scripting)<\/p>\r\n<p>resolution update to version 2.6.9<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/k2\/","vulnerable_version":"2.6.8","patch_version":"2.6.9","update_notice":"https:\/\/getk2.org\/blog\/2254-k2-v269-released","install_data":{"name":"K2","type":"component","creationDate":"February 28th, 2014","author":"JoomlaWorks","copyright":"Copyright (c) 2006 - 2014 JoomlaWorks Ltd. 
All rights reserved.","authorUrl":"www.joomlaworks.net","group":""},"created":"2014-06-08T00:00:00+00:00","modified":"2017-02-07T10:58:05+00:00","statusText":"Resolved"},{"id":"381","title":"K2,2.7.0,XSS (Cross Site Scripting)","description":"<p>K2,2.7.0,XSS (Cross Site Scripting)<\/p>\r\n<p>resolution: update to 2.7.1<\/p>\r\n<p>update notice url: https:\/\/getk2.org\/blog\/2571-k2-v271-released<\/p>\r\n<p>Note that the VEL do not agree with the developer's assessment that XSS vulnerability is low priority<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/k2\/","vulnerable_version":"2.7.0","patch_version":"2.7.1","update_notice":"https:\/\/getk2.org\/blog\/2571-k2-v271-released","install_data":{"name":"K2","type":"component","creationDate":"March 16th, 2016","author":"JoomlaWorks","copyright":"Copyright (c) 2006 - 2016 JoomlaWorks Ltd. All rights reserved.","authorUrl":"www.joomlaworks.net","group":""},"created":"2016-08-03T00:00:00+00:00","modified":"2017-02-07T10:43:53+00:00","statusText":"Resolved"},{"id":"382","title":"nitroslider,1.0.0","description":"<p>nitroslider,1.0.0 open folder permissions<\/p>\r\n<p>update to 1.0.1<\/p>\r\n<p>update notice: https:\/\/www.themechoice.com\/joomla-extensions\/nitro-layer-slider<\/p>","status":"2","vulnerable_version":"1.0.0","patch_version":"1.0.1","install_data":{"name":"com_nitro_layer_slider","type":"component","creationDate":"2016-06-03","author":"ThemeChoice.com","copyright":"Copyright (C) 2015 - ThemeChoice.com","authorUrl":"http:\/\/themechoice.com","group":""},"created":"2016-08-13T00:00:00+00:00","modified":"2017-02-07T10:39:39+00:00","statusText":"Resolved"},{"id":"338","title":"aceftp,unknown version,Other","description":"<p>aceftp [abandonware],unknown, Download Permission <br \/>Extension not currently under development, probably all versions 
affected<\/p>","status":"1","created":"2016-08-17T00:00:00+00:00","modified":"2017-02-07T10:32:41+00:00","statusText":"Live"},{"id":"158","title":"event registration pro","description":"<p>event registration pro, , SQL Injection<\/p>\r\n<p><br \/>UpdateNoticeURL: http:\/\/www.joomlashowroom.com\/blog\/security-and-bug-release-for-all-versions-of-event-registration-pro<\/p>\r\n<p>affects versions prior to 3.0.1 (Joomla 3)<\/p>\r\n<p>prior to 2.5.6 (Joomla 2.5)<\/p>\r\n<p>prior to 1.5.22 (Joomla 1.5)<\/p>\r\n","status":"2","jed":"http:\/\/www.joomlashowroom.com\/blog\/security-and-bug-release-for-all-versions-of-event-registration-pro","patch_version":"3.0.1","created":"2013-10-21T00:00:00+00:00","modified":"2017-02-03T14:14:52+00:00","statusText":"Resolved"},{"id":"383","title":"Event Registration Pro,3.2.12 - 3.2.10,SQL Injection","description":"<p>Event Registration Pro,3.2.12 - 3.2.10,SQL Injection<\/p>\r\n<p>resolution: update to 3.2.13<\/p>\r\n<p>update notice: https:\/\/www.joomlashowroom.com\/blog\/event-registration-pro-3-2-13-released-security-release<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/calendars-a-events\/events\/event-registration-pro\/?com_jed_review_173_limitstart=60","start_version":"3.2.10","vulnerable_version":"3.2.12","patch_version":"3.2.13","update_notice":"https:\/\/www.joomlashowroom.com\/blog\/event-registration-pro-3-2-13-released-security-release","created":"2016-08-18T00:00:00+00:00","modified":"2017-02-03T14:09:31+00:00","statusText":"Resolved"},{"id":"384","title":"J-BusinessDirectory 4.5.4 and previous","description":"<p>J-BusinessDirectory 4.5.4 and previous sql injection<\/p>\r\n<p>resolution: update to 4.5.5<\/p>\r\n<p>update notice: 
http:\/\/www.cmsjunkie.com\/blog\/joomla_business_directory_4-5-5_release\/<\/p>","status":"2","vulnerable_version":"4.5.4","patch_version":"4.5.5","update_notice":"http:\/\/www.cmsjunkie.com\/blog\/joomla_business_directory_4-5-5_release\/","install_data":{"name":"JBusinessDirectory","type":"component","creationDate":"November 2011","author":"CMSJunkie","copyright":"(C) CMSJunkie. All rights reserved.","authorUrl":"www.cmsjunkie.com","group":""},"created":"2016-08-19T00:00:00+00:00","modified":"2017-02-03T13:03:30+00:00","statusText":"Resolved"},{"id":"385","title":"Huge IT Portfolio Gallery 1.0.7 and previous","description":"<p>Huge IT Portfolio Gallery 1.0.7 and previous<\/p>\r\n<p>Security updates connected with CSRF and XSS<\/p>\r\n<p>resolution: update to 1.1.0<\/p>\r\n<p>\u00a0<\/p>","status":"2","vulnerable_version":"1.0.8","patch_version":"1.1.0","install_data":{"name":"COM_PORTFOLIOGALLERY","type":"component","creationDate":"January 2015","author":"Huge-IT","copyright":"Copyright (C) 2013 Huge-IT.com 2013. All rights reserved.","authorUrl":"http:\/\/www.huge-it.com","group":""},"created":"2016-08-31T00:00:00+00:00","modified":"2017-02-03T12:51:34+00:00","statusText":"Resolved"},{"id":"340","title":"Huge IT Googlemaps,1.0.9,SQL Injection","description":"<p>Huge IT Googlemaps,1.0.9, Multiple SQL Injection vulnerabilities<\/p>","status":"1","vulnerable_version":"1.0.9","install_data":{"name":"COM_GOOGLEMAPS","type":"component","creationDate":"October 2015","author":"Huge-IT","copyright":"Copyright (C) 2013 Huge-IT.com 2013. 
All rights reserved.","authorUrl":"http:\/\/www.huge-it.com","group":""},"created":"2016-09-26T00:00:00+00:00","modified":"2017-02-03T12:44:27+00:00","statusText":"Live"},{"id":"379","title":"Huge IT gallery,1.1.5,SQL Injection","description":"<p>Huge IT gallery,1.1.5,SQL Injection<\/p>\r\n<p>resolution: update to 1.1.9<\/p>\r\n<p>\u00a0<\/p>","status":"2","vulnerable_version":"1.1.5","patch_version":"1.1.9","install_data":{"name":"COM_GALLERY","type":"component","creationDate":"January 2015","author":"Huge-IT","copyright":"Copyright (C) 2013 Huge-IT.com 2013. All rights reserved.","authorUrl":"http:\/\/www.huge-it.com","group":""},"created":"2017-02-02T00:00:00+00:00","modified":"2017-02-03T12:39:55+00:00","statusText":"Resolved"},{"id":"388","title":"JoomDoc 4.0.3 and previous","description":"<p>JoomDoc 4.0.3 and previous information disclosure<\/p>\r\n<p>resolution: update to 4.0.4<\/p>\r\n<p>update notice: http:\/\/www.artio.net\/newsflash\/joomdoc-404-release<\/p>\r\n<p>\u00a0<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/directory-a-documentation\/downloads\/joomdoc\/","recommendation":"update","vulnerable_version":"4.0.3","patch_version":"4.0.4","update_notice":"http:\/\/www.artio.net\/newsflash\/joomdoc-404-release","created":"2016-11-11T00:00:00+00:00","modified":"2017-02-03T12:03:01+00:00","statusText":"Resolved"},{"id":"390","title":"JS Jobs,1.1.5 and all previous,SQL Injection","description":"<p>JS Jobs,1.1.5 and all previous,SQL Injection<\/p>\r\n<p>Resolution: update to version 1.1.6<\/p>\r\n<p>Update notice: https:\/\/www.joomsky.com\/products\/js-jobs.html#five<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/js-jobs\/","recommendation":"update","vulnerable_version":"1.1.5","patch_version":"1.1.6","update_notice":"https:\/\/www.joomsky.com\/products\/js-jobs.html#five","install_data":{"name":"COM_JSJOBS","type":"component","creationDate":"Aug 20th, 2016","author":"Joom 
Sky","copyright":"Copyright (c) 2014. All rights reserved.","authorUrl":"","group":""},"created":"2016-12-06T00:00:00+00:00","modified":"2017-02-03T11:58:37+00:00","statusText":"Resolved"},{"id":"346","title":"AVChat Video Chat Integration Kit, File permissions","description":"<p>AVChat Video Chat Integration Kit, File permissions<\/p>\r\n","status":"1","created":"2016-12-06T18:27:26+00:00","modified":"2017-02-03T11:51:33+00:00","statusText":"Live"},{"id":"391","title":"aWeb Cart Watching System 2.6.0","description":"<p>aWeb Cart Watching System for Virtuemart versions 2.6.0 and previous<\/p>\r\n<p>SQL injection<\/p>\r\n<p>Resolution: update to 2.6.1<\/p>\r\n<p>Update Notice: http:\/\/awebsupport.com\/<\/p>","status":"2","cve_id":"CVE-2016-10114","risk_level":"high","recommendation":"update","cvss30_base_score":"7.50","vulnerable_version":"2.6.0","patch_version":"2.6.1","update_notice":"http:\/\/awebsupport.com\/","created":"2016-12-21T00:00:00+00:00","modified":"2017-02-03T11:46:50+00:00","statusText":"Resolved"},{"id":"392","title":"DT Register, sql\/xss, 3.1.12 \/ 2.8.18 and previous","description":"<p>DT Register Vulnerable version: 3.1.12 \/ 2.8.18 and previous sql\/xss<\/p>\r\n<p>http:\/\/www.dthdevelopment.com\/dth-news\/dt-register-3.1.13-security-release.html<\/p>\r\n<p><a>http:\/\/www.dthdevelopment.com\/joomla-components\/dt-register-event-registration-for-joomla.html<\/a><\/p>\r\n<p>developer did not inform VEL<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/dt-register\/","vulnerable_version":"3.1.12","patch_version":"3.1.13","update_notice":"http:\/\/www.dthdevelopment.com\/dth-news\/dt-register-3.1.13-security-release.html","created":"2016-12-19T00:00:00+00:00","modified":"2017-02-02T17:31:40+00:00","statusText":"Resolved"},{"id":"347","title":"JMS Support Online module, 2.0.0, XSS (Cross Site Scripting)","description":"<p>JMS Support Online module,2.0.0,XSS (Cross Site 
Scripting)<\/p>","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/jms-support-online\/","vulnerable_version":"2.0.0","install_data":{"name":"JMS Support Online","type":"module","creationDate":"May 2013","author":"JoomMasterS","copyright":"Joommasters.com","authorUrl":"joommasters.com","group":""},"created":"2016-12-28T00:00:00+00:00","modified":"2017-02-02T17:26:04+00:00","statusText":"Live"},{"id":"394","title":"AcyMailing 5.6.0 PHP Mailer vulnerability","description":"<p>AcyMailing 5.6.0 and previous versions include PHP Mailer library vulnerable to CVE-2016-10033 and CVE-2016-10045<\/p>\r\n<p>Resolution: update to 5.6.1<\/p>\r\n<p>Update notice: https:\/\/www.acyba.com\/68-acymailing-changelog.html<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/acymailing-starter\/","vulnerable_version":"5.6.0","patch_version":"5.6.1","update_notice":"https:\/\/www.acyba.com\/68-acymailing-changelog.html","created":"2016-12-28T00:00:00+00:00","modified":"2017-02-02T17:21:43+00:00","statusText":"Resolved"},{"id":"395","title":"Chronoforms 5.0.13 PHP mailer vulnerability","description":"<p>Chronoforms 5.0.13 and previous versions include\u00a0 PHP Mailer library vulnerable to CVE-2016-10045<\/p>\r\n<p>Resolution: update to 5.0.14<\/p>\r\n<p>Update notice: https:\/\/www.chronoengine.com\/forums\/posts\/t102804\/p363944\/phpmailer-library.html<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/chronoforms\/","cve_id":"CVE-2016-10045","recommendation":"update","vulnerable_version":"5.0.13","patch_version":"5.0.14","update_notice":" https:\/\/www.chronoengine.com\/forums\/posts\/t102804\/p363944\/phpmailer-library.html","install_data":{"name":"com_chronoforms5","type":"component","creationDate":"December 2016","author":"ChronoEngine.com","copyright":"ChronoEngine.com 
2016","authorUrl":"www.chronoengine.com","group":""},"created":"2016-12-30T00:00:00+00:00","modified":"2017-02-02T17:18:10+00:00","statusText":"Resolved"},{"id":"393","title":"Chronoforms 5.0.12 PHP mailer vulnerability","description":"<p>Chronoforms 5.0.12 and previous versions include\u00a0 PHP Mailer library vulnerable to CVE-2016-10033<\/p>\r\n<p>Resolution: update to 5.0.13<\/p>\r\n<p>Update notice: https:\/\/www.chronoengine.com\/forums\/posts\/t102804\/p363944\/phpmailer-library.html<\/p>\r\n<p>\u00a0<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/chronoforms\/","cve_id":"CVE-2016-10033","vulnerable_version":"5.0.12","patch_version":"5.013","update_notice":"https:\/\/www.chronoengine.com\/forums\/posts\/t102804\/p363944\/phpmailer-library.html","install_data":{"name":"com_chronoforms5","type":"component","creationDate":"July 2016","author":"ChronoEngine.com","copyright":"ChronoEngine.com 2016","authorUrl":"www.chronoengine.com","group":""},"created":"2016-12-27T00:00:00+00:00","modified":"2017-02-02T17:17:29+00:00","statusText":"Resolved"},{"id":"1","title":"Community Builder versions 2.1 and previous","description":"<p>Community Builder Versions 2.1.0 and previous contain versions of 3rd party libraries with known vulnerabilities: PHPMailer and Guzzle<\/p>\r\n<p>Release 2.1.1<\/p>\r\n<ul>\r\n<li>updates to version 5.2.22 of PHP Mailer<\/li>\r\n<li>provides custom fix for Guzzle library<\/li>\r\n<\/ul>\r\n<p>Developer states that this is precautionary only, and that these vulnerabilities are not normally exploitable within Community Builder see full security statement for further details: 
https:\/\/www.joomlapolis.com\/news\/18719-security-statement-cb-2-1-1<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/community-builder\/","vulnerable_version":"2.1.0","patch_version":"2.1.1","update_notice":"https:\/\/www.joomlapolis.com\/news\/18719-security-statement-cb-2-1-1","install_data":{"name":"Community Builder Package","type":"package","creationDate":"2016-12-28","author":"CB Team","copyright":"Copyright (C) 2004-2016 www.joomlapolis.com \/ Lightning MultiCom SA - and its licensors, all rights reserved","authorUrl":"http:\/\/www.joomlapolis.com\/","group":""},"created":"2017-02-02T00:00:00+00:00","modified":"2017-02-02T17:10:02+00:00","statusText":"Resolved"},{"id":"396","title":"Jomres 9.8.22 and previous PHPMailer vulnerability","description":"<p>Jomres versions 9.8.20 and previous contain PHP Mailer library vulnerable to CVE-2016-10033<\/p>\r\n<p>Jomres versions 9.8.22 and previous contain PHP Mailer library vulnerable to CVE-2016-10045<\/p>\r\n<p>Resolution: update to version 9.8.24<\/p>\r\n<p>Update notice: http:\/\/updates.jomres4.net\/CHANGELOG_JOMRES<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/jomres\/","cve_id":"CVE-2016-10033, CVE-2016-10045","vulnerable_version":"9.8.22","patch_version":"9.8.24","update_notice":"http:\/\/updates.jomres4.net\/CHANGELOG_JOMRES","created":"2016-12-31T00:00:00+00:00","modified":"2017-02-02T16:53:54+00:00","statusText":"Resolved"},{"id":"189","title":"ActiveHelper LiveHelp, 3.2.0, sqli","description":"<p>ActiveHelper LiveHelp, 3.2.0, SQL Injection<br \/>We already updated the LiveHelp Server to the version 3.3.0 that include a security patch that fixes the reported issue. 
We also include a few improvements on other units.<br \/> \u00a0<br \/> Update Notice URL<br \/> \u00a0<br \/>http:\/\/www.activehelper.com\/kunena\/7-news-announcements-a-tutorials\/11846-livehelp-server-ver-3-3-0-for-joomla-1-5-2-5-3<span class=\"HOEnZb\"><span style=\"color: #888888;\"><br \/><\/span><\/span><\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/extension\/communication\/live-support\/activehelper-livehelp\/","vulnerable_version":"3.2.0","patch_version":"3.3.0","update_notice":"http:\/\/www.activehelper.com\/kunena\/7-news-announcements-a-tutorials\/11846-livehelp-server-ver-3-3-0-for-joomla-1-5-2-5-3","created":"2014-03-03T00:00:00+00:00","modified":"2017-02-02T13:03:52+00:00","statusText":"Resolved"},{"id":"389","title":"Kunena,K4.0.0 - K5.0.3,XSS (Cross Site Scripting)","description":"<p>Kunena,K4.0.0 - K5.0.3,XSS (Cross Site Scripting)<\/p>\r\n<p>Resolution: update to 5.0.4<\/p>\r\n<p>update notice:https:\/\/www.kunena.org\/blog\/179-kunena-5-0-4-released<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/profile\/extension\/communication\/forum\/kunena\/","recommendation":"update","start_version":"4.0.0","vulnerable_version":"5.0.3","patch_version":"5.0.4","update_notice":"https:\/\/www.kunena.org\/blog\/179-kunena-5-0-4-released","install_data":{"name":"Kunena Forum Package","type":"package","creationDate":"2016-10-23","author":"Kunena Team","copyright":"(C) 2008 - 2016 Kunena Team. 
All rights reserved.","authorUrl":"http:\/\/www.kunena.org","group":""},"created":"2016-11-26T00:00:00+00:00","modified":"2017-02-02T13:00:09+00:00","statusText":"Resolved"},{"id":"375","title":"kunena,4.0.10,Information Disclosure","description":"<p>kunena,4.0.10,Information Disclosure<\/p>\r\n<p>\u00a0<\/p>\r\n<p>Developers update link<\/p>\r\n<p>https:\/\/www.kunena.org\/blog\/166-kunena-4-0-11-released<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/profile\/extension\/communication\/forum\/kunena\/","recommendation":"update","vulnerable_version":"4.0.10","patch_version":"4.0.11","update_notice":"https:\/\/www.kunena.org\/blog\/166-kunena-4-0-11-released","created":"2017-02-02T00:00:00+00:00","modified":"2017-02-02T12:59:14+00:00","statusText":"Resolved"},{"id":"294","title":"Kunena,3.0.7 and previous","description":"<p>Kunena,3.0.7 and previous,Other<\/p>\r\n<p>Resolution: update to 3.0.8<\/p>\r\n<p>Update notice url: http:\/\/www.kunena.org\/blog\/143-kunena-3-0-8-released<\/p>\r\n<p>Note that the developer did not inform the VEL<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/profile\/extension\/communication\/forum\/kunena\/","recommendation":"update","vulnerable_version":"3.0.7","patch_version":"3.0.8","update_notice":"http:\/\/www.kunena.org\/blog\/143-kunena-3-0-8-released","created":"2015-04-19T00:00:00+00:00","modified":"2017-02-02T12:57:30+00:00","statusText":"Resolved"},{"id":"341","title":"Kunena 4.0.2 xss resolution","description":"<p>This version is a security release and addresses most of the important issues that were discovered in K 4.0.1<br \/>Developer update statement http:\/\/www.kunena.org\/blog\/149-kunena-4-0-2-released<br \/>developer\u00a0 @kunena did not inform 
VEL<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/profile\/extension\/communication\/forum\/kunena\/","recommendation":"update","vulnerable_version":"4.0.1","patch_version":"4.0.2","update_notice":"http:\/\/www.kunena.org\/blog\/149-kunena-4-0-2-released","created":"2015-06-27T00:00:00+00:00","modified":"2017-02-02T12:54:21+00:00","statusText":"Resolved"},{"id":"206","title":"kunena 3.0.5 XSS and SQL Injection","description":"<p>kunena 3.0.5 <strong>XSS and SQL Injection<\/strong><\/p>\r\n<p>Update notice http:\/\/www.kunena.org\/blog\/139-kunena-3-0-6-released<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/profile\/extension\/communication\/forum\/kunena\/","recommendation":"update","vulnerable_version":"3.0.5","patch_version":"3.0.6","update_notice":"http:\/\/www.kunena.org\/blog\/139-kunena-3-0-6-released","install_data":{"name":"Kunena Forum Package","type":"package","creationDate":"2014-03-09","author":"Kunena Team","copyright":"(C) 2008 - 2013 Kunena Team. All rights reserved.","authorUrl":"http:\/\/www.kunena.org","group":""},"created":"2014-08-04T00:00:00+00:00","modified":"2017-02-02T12:53:24+00:00","statusText":"Resolved"},{"id":"397","title":"Kunena, 5.0.2 and newer, XSS (Cross Site Scripting)","description":"<p>Kunena,5.0.2 and newer,XSS (Cross Site Scripting)<\/p>\r\n<p>resolution: update to 5.0.5<\/p>\r\n<p>update notice: https:\/\/www.kunena.org\/forum\/announcement\/id-107<\/p>\r\n<p>\u00a0<\/p>","status":"2","jed":"https:\/\/extensions.joomla.org\/profile\/extension\/communication\/forum\/kunena\/","recommendation":"update","start_version":"5.0.2","vulnerable_version":"5.0.4","patch_version":"5.0.5","update_notice":"https:\/\/www.kunena.org\/forum\/announcement\/id-107","install_data":{"name":"Kunena Forum Package","type":"package","creationDate":"2016-10-23","author":"Kunena Team","copyright":"(C) 2008 - 2016 Kunena Team.
All rights reserved.","authorUrl":"http:\/\/www.kunena.org","group":""},"created":"2017-01-04T00:00:00+00:00","modified":"2017-02-02T12:52:55+00:00","statusText":"Resolved"},{"id":"351","title":"RSMonials,2.2 and previous,XSS (Cross Site Scripting)","description":"<p>RSMonials, 2.2 and previous versions, XSS (Cross Site Scripting) also insecure file upload<\/p>","status":"1","risk_level":"high","cvss30_base":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/U","cvss30_base_score":"7.50","install_data":{"name":"COM_RSMONIALS","type":"component","creationDate":"December 2013","author":"RS Web Solutions","copyright":"Copyright (c) 2013-2022 RS Web Solutions - Development Team","authorUrl":"http:\/\/www.rswebsols.com","group":""},"created":"2017-01-11T00:00:00+00:00","modified":"2017-02-02T12:28:43+00:00","statusText":"Live"},{"id":"281","title":"Master Password, ","description":"<p>Master Password, 1.5 and any previous, Information Disclosure<\/p>\r\n<p>This extension appears to have been abandoned by the developer<\/p>\r\n","status":"1","created":"2013-06-01T21:29:26+00:00","modified":"2016-08-19T17:34:51+00:00","statusText":"Live"},{"id":"321","title":"Art Pretty Photo [artprettyphoto],1.9.21 and below,XSS (Cross Site Scripting)","description":"<p>Art Pretty Photo [artprettyphoto], 1.9.21 and below, XSS (Cross Site Scripting)<\/p>\r\n","status":"2","created":"2015-06-20T15:22:46+00:00","modified":"2015-10-29T11:17:33+00:00","statusText":"Resolved"},{"id":"244","title":"HDFLVPlayer 2.2 and previous","description":"<p>HDFLVPlayer versions 2.2 and all previous<\/p>\r\n<p>Email exploit<\/p>\r\n<p> <\/p>\r\n<h3>Version 2.3<\/h3>\r\n<ul class=\"gen_features change_log\">\r\n<li><em> Fixed SQL injection in download.php file.<\/em><a href=\"https:\/\/www.apptha.com\/category\/extension\/Joomla\/HD-FLV-Player\">https:\/\/www.apptha.com\/category\/extension\/Joomla\/HD-FLV-Player<\/a><\/li>\r\n<\/ul>\r\n<h3>Version 2.2<\/h3>\r\n<ul class=\"gen_features change_log\">\r\n<li><em> Resolved cross 
domain issue in download.php & email.php files.<\/em><\/li>\r\n<\/ul>","status":"2","created":"2014-12-09T13:50:00+00:00","modified":"2015-09-11T17:00:43+00:00","statusText":"Resolved"},{"id":"245","title":"HDFLVPlayer 2.2 + previous","description":"<p>Joomla HDFLVPlayer plugin versions 2.2 and previous<\/p>\r\n<p>SQL Injection<\/p>\r\n<h3>Version 2.3<\/h3>\r\n<ul class=\"gen_features change_log\">\r\n<li><em> Fixed SQL injection in download.php file.<\/em><a href=\"https:\/\/www.apptha.com\/category\/extension\/Joomla\/HD-FLV-Player\">https:\/\/www.apptha.com\/category\/extension\/Joomla\/HD-FLV-Player<\/a><\/li>\r\n<\/ul>\r\n<p> <\/p>\r\n<h3>Version 2.2<\/h3>\r\n<ul class=\"gen_features change_log\">\r\n<li><em> Resolved cross domain issue in download.php & email.php files.<\/em><\/li>\r\n<\/ul>","status":"2","created":"2014-12-09T17:07:41+00:00","modified":"2015-09-11T16:59:53+00:00","statusText":"Resolved"},{"id":"308","title":"swmenufree, v8.3 ,Other","description":"<p>swmenufree, swMenuFree 8.3 for Joomla 2.5.x and 3.x <span class=\"indicators\"> , other<\/span><\/p>\r\n<p>Resolution: update to version 8.5<\/p>\r\n<p>Update notice: http:\/\/www.swmenupro.com\/downloads\/swmenufree.html?view=document&id=1<\/p>\r\n","status":"2","created":"2015-06-01T18:25:24+00:00","modified":"2015-07-01T12:26:34+00:00","statusText":"Resolved"},{"id":"322","title":"JB Library [jblibrary], 2.1.5 and below, XSS (Cross Site Scripting)","description":"<p>JB Library, 2.1.5 and below, XSS (Cross Site Scripting)<\/p>\r\n","status":"2","created":"2015-06-20T16:49:52+00:00","modified":"2015-06-23T15:10:47+00:00","statusText":"Resolved"},{"id":"327","title":"Zen Library [zen], 1.0.2 and below, XSS (Cross Site Scripting)","description":"<p>Zen Library [zen], 1.0.2, XSS (Cross Site Scripting)<\/p>\r\n","status":"2","created":"2015-06-20T16:54:24+00:00","modified":"2015-06-23T15:07:16+00:00","statusText":"Resolved"},{"id":"335","title":"Simple Image Gallery PRO, 3.0.7 and below, XSS (Cross 
Site Scripting)","description":"<p>Simple Image Gallery PRO [plg_content_jw_sigpro], 3.0.7 and below, XSS (Cross Site Scripting)<\/p>\r\n","status":"2","created":"2015-06-22T19:29:05+00:00","modified":"2015-06-22T19:35:21+00:00","statusText":"Resolved"},{"id":"315","title":"pPGallery [plg_content_ppgallery], 4.315, XSS (Cross Site Scripting)","description":"<p>pPGallery\u00a0[plg_content_ppgallery], 4.315, XSS (Cross Site Scripting)<\/p>\r\n","status":"2","created":"2015-06-20T14:41:04+00:00","modified":"2015-06-22T19:19:59+00:00","statusText":"Resolved"},{"id":"314","title":"StarLite Pretty Photo [plg_system_slprettyphoto],1.2, XSS (Cross Site Scripting)","description":"<p>StarLite Pretty Photo [plg_system_slprettyphoto], 1.2 and below, XSS (Cross Site Scripting)<\/p>\r\n","status":"2","created":"2015-06-20T13:30:22+00:00","modified":"2015-06-22T19:19:48+00:00","statusText":"Resolved"},{"id":"301","title":"\"J-ClassifiedsManager\" by CMSjunkie","description":"<p>\"J-ClassifiedsManager\" by CMSjunkie, versions before 2.1.0, SQL injection<\/p>\r\n<p>Resolution<\/p>\r\n<p>Update to 2.1.0<\/p>\r\n<p>UpdateNoticeURL<br \/>http:\/\/www.cmsjunkie.com\/blog\/joomla-classifieds-manager-2-1-0-release\/<\/p>\r\n","status":"2","created":"2015-04-25T18:28:38+00:00","modified":"2015-06-22T19:18:41+00:00","statusText":"Resolved"},{"id":"304","title":"Escope PrettyPhoto [mod_escope_pp], 1.0.3, XSS (Cross Site Scripting) - abandonware!","description":"<p>Escope PrettyPhoto [mod_escope_pp], 1.0.3 and below, XSS (Cross Site Scripting)<\/p>\r\n","status":"1","created":"2015-06-20T14:13:42+00:00","modified":"2015-06-21T22:28:32+00:00","statusText":"Live"},{"id":"305","title":"UMI 3D Tag Cloud [mod_umi3dtagcloud], 1.3.4 and below, XSS (Cross Site Scripting)","description":"<p>UMI 3D Tag Cloud [mod_umi3dtagcloud], 1.3.4 and below, XSS (Cross Site 
Scripting)<\/p>\r\n","status":"1","created":"2015-06-20T16:25:39+00:00","modified":"2015-06-20T16:28:03+00:00","statusText":"Live"},{"id":"313","title":"Joombri Freelance, pre 1.6.5, SQLi ","description":"<p>JoomBri freelance extension pre 1.6.5. suffers major sqli exploit.<br \/><br \/>No contact from developer, Notified by<a href=\"http:\/\/volunteers.joomla.org\/joomlers\/ruth-cheesley\" target=\"_blank\"> Ruth Cheesley <\/a><\/p>","status":"2","created":"2015-06-19T18:44:51+00:00","modified":"2015-06-19T18:45:49+00:00","statusText":"Resolved"},{"id":"307","title":"BeestoHelpDesk, 3.1.1 and probably all previous,Information Disclosure","description":"<p>BeestoHelpDesk, 3.1.1 and probably all previous,Information Disclosure<\/p>\r\n<p>Resolution: update to version 3.1.2 (or 2.5.2 for users of Joomla 2.5.x)<\/p>\r\n<p>update notice: http:\/\/beesto.com\/forum\/read.php?25,1963,1963#msg-1963<\/p>\r\n","status":"2","created":"2015-06-11T13:25:00+00:00","modified":"2015-06-17T19:07:48+00:00","statusText":"Resolved"},{"id":"297","title":"XCloner Backup and Restore [com_cloner], 3.5.2","description":"<p>XCloner Backup and Restore [com_cloner], 3.5.2, probably previous, multiple vulnerabilities<\/p>\r\n","status":"1","created":"2015-06-14T13:03:03+00:00","modified":"2015-06-14T11:02:23+00:00","statusText":"Live"},{"id":"303","title":"\"EQ Event Calendar\" [com_eqfullevent] , 1.0.0 and below","description":"<p>\"EQ Event Calendar\" by byeqima.com - version: 1.0.0 and lower<\/p>\r\n<p>SQL injection vulnerability<\/p>","status":"1","created":"2015-06-10T19:09:45+00:00","modified":"2015-06-14T09:41:06+00:00","statusText":"Live"},{"id":"302","title":"Football [com_football],SQL Injection","description":"<p>Component com_football, unknown version [possibly joomleague fork]<\/p>\r\n<p>SQL Injection<\/p>\r\n","status":"1","created":"2015-05-23T18:37:02+00:00","modified":"2015-06-10T19:40:54+00:00","statusText":"Live"},{"id":"299","title":"RD Download, 0.9.0 and 
below","description":"<p>RD Downloads [com_rd_download], 0.9.0 and previous<\/p>\r\n<p><span style=\"text-decoration: underline;\">Warning:<\/span> Author abandoned this component, no further support expected<\/p>\r\n<p><strong>Update notice:\u00a0<\/strong>https:\/\/github.com\/rdeutz\/rd_download<\/p>","status":"2","created":"2015-04-19T17:43:18+00:00","modified":"2015-06-10T19:39:13+00:00","statusText":"Resolved"},{"id":"300","title":"\"Simple Email Form\" by unlikelysource.com, 1.8.5 and below","description":"<p>\"Simple Email Form\" by\u00a0unlikelysource.com, 1.8.5 and older; XSS<\/p>\r\n<p>Resolution: update to version 1.8.6<\/p>\r\n<p>Update notice URL: http:\/\/joomla.unlikelysource.org\/index.php<\/p>\r\n","status":"2","created":"2015-04-23T06:12:19+00:00","modified":"2015-06-10T19:38:56+00:00","statusText":"Resolved"},{"id":"306","title":"OS Property - Joomla Real Estate sqli pre 2.8.1","description":"<p>OS Property - Joomla Real Estate sqli<br \/><br \/><strong>12th May 2014 - New version 2.8.1<\/strong><br \/>==============   Bug Fixed ===============<br \/>1. 
SQL Injection solved<br \/><br \/>[developer did not inform VEL]<\/p>","status":"2","created":"2015-05-19T14:33:08+00:00","modified":"2015-05-19T14:34:09+00:00","statusText":"Resolved"},{"id":"286","title":"Joomla Spider FAQ by Web-Dorado pre 1.3 ","description":"<p>Joomla Spider FAQ by Web-Dorado pre 1.3 ,SQLi<br \/>Update to 1.3<\/p>\r\n","status":"2","created":"2017-02-02T11:21:26+00:00","modified":"2015-04-23T08:57:13+00:00","statusText":"Resolved"},{"id":"279","title":"AllVideos version 4.6.1 and previous","description":"<p>AllVideos by Joomlaworks version 4.6.1 and previous<\/p>\r\n<p>XSS (Cross Site Scripting)<\/p>\r\n<p>Resolution: update to version 4.7.0<\/p>\r\n<p>Update notice url: <a href=\"http:\/\/www.joomlaworks.net\/forum\/product-updates\/41200-april-20th,-2015-allvideos-v4-7-0\">http:\/\/www.joomlaworks.net\/forum\/product-updates\/41200-april-20th,-2015-allvideos-v4-7-0<\/a><\/p>\r\n","status":"2","created":"2015-04-12T19:39:00+00:00","modified":"2015-04-21T06:46:35+00:00","statusText":"Resolved"},{"id":"238","title":"Events Booking, 1.6.7 and lower, (module: Search Events)","description":"<p>Events Booking  1.6.7 <=Vulnerability: XSS (Cross Site Scripting)<\/p>\r\n<p> <\/p>\r\n<p><strong>Extension Update Details<\/strong><\/p>\r\n<p>This issue only affects the search module (Search Events) which comes with Events Booking.
We released version 1.6.8 to address this issue<\/p>\r\n<p><a href=\"http:\/\/joomdonation.com\/forum\/events-booking-general-discussion\/45216-events-booking-version-1-6-8-released.html\" target=\"_blank\">http:\/\/joomdonation.com\/forum\/events-booking-general-discussion\/45216-events-booking-version-1-6-8-released.html<\/a><\/p>","status":"2","created":"2014-12-07T21:54:09+00:00","modified":"2015-04-19T13:19:30+00:00","statusText":"Resolved"},{"id":"287","title":"Creative Contact Form [com_creativecontactform],2.0.0 and previous","description":"<p>Creative Contact Form [com_creativecontactform],2.0.0 and previous,Other<\/p>\r\n<p>Resolution: Update to latest release 3.0.x<\/p>\r\n<p>Notice of Resolution: http:\/\/creative-solutions.net\/joomla\/creative-contact-form<\/p>\r\n<p> <\/p>\r\n","status":"2","created":"2015-04-14T19:21:45+00:00","modified":"2015-04-15T11:18:36+00:00","statusText":"Resolved"},{"id":"285","title":"ECommerce-WD [com_ecommercewd],1.2.5, maybe earlier","description":"<p>ECommerce-WD [com_ecommercewd],1.2.5, maybe earlier,SQL Injection<br \/><strong>developer statement<\/strong><br \/><em>This vulnerabilities are fixed in version 1.2.6 and above. The version 1.2.6 was released on 2015-03-18.<\/em><\/p>\r\n<div> <\/div>\r\n","status":"2","created":"2015-04-14T20:13:48+00:00","modified":"2015-04-14T19:13:48+00:00","statusText":"Resolved"},{"id":"280","title":"hwdVideoShare,N\/A","description":"<p>hwdVideoShare,N\/A,SQL Injection<br \/><br \/><strong>Dev Statement<\/strong><br \/> <em>The hwdVideoShare (com_hwdvideoshare) extension was retired 3 years ago, and we deleted it from the Joomla Extensions Directory. 
<\/em><br \/><em> It was replaced by a completely new extension called HWDMediaShare.<\/em><\/p>\r\n","status":"2","created":"2017-02-02T11:21:26+00:00","modified":"2015-04-14T17:40:32+00:00","statusText":"Resolved"},{"id":"298","title":"Face Gallery by Apptha [com_facegallery] version 1.0","description":"<p>Face Gallery by Apptha [com_facegallery], version 1.0<\/p>\r\n<p>exploit: Other<\/p>\r\n","status":"1","created":"2015-04-13T13:49:50+00:00","modified":"2015-04-13T12:50:01+00:00","statusText":"Live"},{"id":"296","title":"Joomla Simple Photo Gallery version 1.1","description":"<p>Apptha Joomla Simple Photo Gallery ,com_simplephotogallery version 1.1 and previous,<\/p>\r\n<p>Other<\/p>\r\n","status":"1","created":"2015-04-12T23:58:21+00:00","modified":"2015-04-12T22:58:43+00:00","statusText":"Live"},{"id":"295","title":"youtube plugin - youtubejoomla ,1.1 ","description":"<p>youtube plugin - Stian Totland,1.1 ,Other , youtubejoomla<\/p>\r\n","status":"1","created":"2015-03-27T15:49:42+00:00","modified":"2015-03-27T15:49:42+00:00","statusText":"Live"},{"id":"273","title":"Gallery WD version 1.2.3 and previous","description":"<p>Gallery WD version 1.2.3 and previous XSS (Cross Site Scripting)<\/p>\r\n<p>Resolution: Update to version 1.2.5<\/p>\r\n<p>Update notice URL: http:\/\/web-dorado.com\/products\/joomla-gallery.html<\/p>\r\n","status":"2","created":"2015-02-13T17:21:53+00:00","modified":"2015-02-18T17:01:20+00:00","statusText":"Resolved"},{"id":"271","title":"Solidres previous to 8.0.0","description":"<p>Solidres previous to 8.0.0<\/p>\r\n<p>SQL Injection<\/p>\r\n<p>Update to 8.0.0<\/p>\r\n<p>Update notice URL http:\/\/www.solidres.com\/blog\/2015\/01\/26\/solidres-0-8-0-released\/<\/p>","status":"2","created":"2015-01-26T12:06:00+00:00","modified":"2015-01-26T12:06:00+00:00","statusText":"Resolved"},{"id":"265","title":"Jdownloads Pre 3.2.23","description":"<p>Jdownloads<\/p>\r\n<p>Extension Update Details<\/p>\r\n<p>Version 3.2.23 eliminates two 
vulnerabilities to prevent SQL injections. Only low risk.<\/p>\r\n<p>UpdateNoticeURL<br \/><a href=\"http:\/\/www.jdownloads.com\/index.php?option=com_content&view=article&id=234:jdownloads-3223-beta-published&catid=51:news\">http:\/\/www.jdownloads.com\/index.php?option=com_content&view=article&id=234:jdownloads-3223-beta-published&catid=51:news<\/a><\/p>","status":"2","created":"2015-01-20T22:08:42+00:00","modified":"2015-01-20T22:08:42+00:00","statusText":"Resolved"},{"id":"257","title":"corephp paGo, LFI 1.0.7 and below","description":"<p>Corephp paGo, ,<br \/>DT, LFI<br \/>Developer update statement<br \/><a href=\"https:\/\/www.corephp.com\/blog\/corephp-announces-immediate-availability-pago-commerce-1-07-1\/\">http:\/\/www.corephp.com\/blog\/corephp-announces-immediate-availability-pago-commerce-1-07-1\/<\/a><\/p>\r\n","status":"2","created":"2015-01-16T02:31:52+00:00","modified":"2015-01-17T15:48:15+00:00","statusText":"Resolved"},{"id":"252","title":"EDVAS blank template pre 3.5.1","description":"<p><br \/>Blank \u00a0bootstrap edition Template :\u00a0Update Details<\/p>\r\n<p><a href=\"http:\/\/github.com\/Bloggerschmidt\/Blank-Bootstrap-Edition\/releases\/tag\/v3.5.1\">http:\/\/github.com\/Bloggerschmidt\/Blank-Bootstrap-Edition\/releases\/tag\/v3.5.1<\/a><\/p>\r\n<p>See <a href=\"https:\/\/github.com\/Bloggerschmidt\/Blank-BootstrapEdition\">https:\/\/github.com\/Bloggerschmidt\/Blank-BootstrapEdition<\/a>\u00a0\u00a0<\/p>","status":"2","created":"2015-01-14T16:52:15+00:00","modified":"2015-01-14T19:43:47+00:00","statusText":"Resolved"},{"id":"251","title":"sbahjaoui contact 1.0","description":"<p>sbahjaoui contact version 1.0<\/p>\r\n<p>SQL Injection<\/p>\r\n<p>Resolution: update to version 1.1<\/p>\r\n<p>Update notice: <a 
href=\"http:\/\/www.sbahjaoui-info.com\/en\/extensions\/category\/10-sbahjaoui-contact.html\">http:\/\/www.sbahjaoui-info.com\/en\/extensions\/category\/10-sbahjaoui-contact.html<\/a><\/p>\r\n<p>\u00a0<\/p>","status":"2","created":"2014-12-29T13:48:49+00:00","modified":"2015-01-08T21:36:22+00:00","statusText":"Resolved"},{"id":"250","title":"Visforms pre 2.1.2 and pre 3.1.2","description":"<p>Update so that information submitted with Visforms cannot be disclosed unintentionally.<\/p>\r\n<p>http:\/\/www.vi-solutions.de\/en\/announcements\/366-security-updates-for-visforms-2-1-2-and-3-1-2-released<\/p>","status":"2","created":"2014-12-23T07:45:21+00:00","modified":"2014-12-23T07:45:21+00:00","statusText":"Resolved"},{"id":"243","title":"failedloginattempts v1.0.1 ","description":"<p>plg_failedloginattempts_v1.0.1_j25_j30, 1.0.1, Information Disclosure<\/p>\r\n<p>\u00a0<\/p>\r\n<p>Developers update statements\u00a0<\/p>\r\n<pre style=\"margin-top: 20px; margin-bottom: 20px; padding: 10px; border-color: #dddddd; font-family: Consolas, monospace, serif; vertical-align: baseline; color: #444444; overflow: auto; background-color: #fafafa;\">12-Dec-2014 : v1.1.0<\/pre>\r\n<p><a href=\"http:\/\/www.web357.eu\/news\/releases\/68-failed-login-attempts-v1-1-0-has-been-released-security-release.html\">http:\/\/www.web357.eu\/news\/releases\/68-failed-login-attempts-v1-1-0-has-been-released-security-release.html<\/a><\/p>","status":"2","created":"2014-12-07T21:55:37+00:00","modified":"2014-12-13T09:22:13+00:00","statusText":"Resolved"},{"id":"231","title":"Admin Exile 2.3.5 sqli","description":"<p>Admin Exile version 2.3.5 SQL injection<\/p>\r\n<p>Developer Update<br \/>Version 2.3.6 resolves an unpublished\/theoretical SQL injection vulnerability.<br \/> <a 
href=\"http:\/\/www.richeyweb.com\/development\/joomla-plugins\/71-adminexile-for-joomla-16\">http:\/\/www.richeyweb.com\/development\/joomla-plugins\/71-adminexile-for-joomla-16<\/a><\/p>\r\n<p> <\/p>","status":"2","created":"2014-11-15T13:27:12+00:00","modified":"2014-12-02T01:49:56+00:00","statusText":"Resolved"},{"id":"237","title":"HDFLVPlayer, 2.0, Directory Traversal","description":"<p>HDFLVPlayer, 2.0, Directory Traversal<\/p>\r\n<p>Contus\/apptha<\/p>\r\n<p>developers statement<\/p>\r\n<p>We fixed the directory traversal issue and updated the version with 2.2<\/p>\r\n<p>UpdateNoticeURL<br \/>http:\/\/www.hdflvplayer.net\/hd-flv-player-download.php<\/p>","status":"2","created":"2014-12-02T01:48:15+00:00","modified":"2014-12-02T01:48:15+00:00","statusText":"Resolved"},{"id":"236","title":"edocuman, 1.6.0, Other","description":"<p class=\"modified\">edocuman, 1.6.0, Other<\/p>\r\n<p>Developer update notice <\/p>\r\n<p><a href=\"http:\/\/joomdonation.com\/forum\/edocman\/45095-low-security-edocman-1-6-1-released.html#53433\">http:\/\/joomdonation.com\/forum\/edocman\/45095-low-security-edocman-1-6-1-released.html#53433<\/a><\/p>","status":"2","created":"2014-12-02T01:47:13+00:00","modified":"2014-12-02T01:47:13+00:00","statusText":"Resolved"},{"id":"230","title":"MijoShop, 2.4.x - 2.5.x,","description":"<p>MijoShop, 2.4.x - 2.5.x, SQL Injection<\/p>\r\n<p>Extension Update Details 2.5.2<\/p>\r\n<p>UpdateNoticeURL <a href=\"http:\/\/miwisoft.com\/blog\/mijoshop-252-security-update-released\">http:\/\/miwisoft.com\/blog\/mijoshop-252-security-update-released<\/a><\/p>","status":"2","created":"2014-11-12T12:47:21+00:00","modified":"2014-11-14T23:31:50+00:00","statusText":"Resolved"},{"id":"291","title":"AceShop, up to version 4.1.3,","description":"<p>AceShop, up to version 4.1.3, SQL Injection<\/p>","status":"1","created":"2014-11-12T12:51:16+00:00","modified":"2014-11-12T13:54:07+00:00","statusText":"Live"},{"id":"229","title":"Akeeba CMS 
Update","description":"<p>Extension Update Details<\/p>\r\n<p>Akeeba CMS Update 1.0.2<\/p>\r\n<p><br \/>Update Notice URL<br \/>https:\/\/www.akeebabackup.com\/home\/news\/1605-security-update-sep-2014.html<\/p>","status":"2","created":"2014-09-30T17:29:55+00:00","modified":"2014-09-30T17:29:55+00:00","statusText":"Resolved"},{"id":"224","title":"Hika Shop ","description":"<p>HikaShop 2.3.2 and below also Hika Market 1.4.3 and below<\/p>\r\n<p>Remote code execution<\/p>\r\n<p>Note that developer did not inform the VEL<\/p>\r\n<p>Notice of resolution: <a href=\"http:\/\/www.hikashop.com\/index.php?option=com_content&view=article&id=269\">http:\/\/www.hikashop.com\/index.php?option=com_content&view=article&id=269<\/a><\/p>\r\n<p> <\/p>","status":"2","created":"2014-09-24T15:58:05+00:00","modified":"2014-09-24T17:00:37+00:00","statusText":"Resolved"},{"id":"223","title":"JDownloads","description":"<p>unauthorized file upload<\/p>\r\n<p>vulnerable versions: below 1.9.1.6 (Joomla 2.5) and below 1.9.2.11 (Joomla 3)<\/p>\r\n<p>security release announcement: <a href=\"http:\/\/www.jdownloads.com\/index.php?option=com_content&view=article&id=231:urgent-security-update-for-19-series&catid=51:news\">http:\/\/www.jdownloads.com\/index.php?option=com_content&view=article&id=231:urgent-security-update-for-19-series&catid=51:news<\/a><\/p>\r\n<p> <\/p>\r\n<p>Note that the developer did not inform the VEL<\/p>","status":"2","created":"2014-09-24T15:30:41+00:00","modified":"2014-09-24T15:38:16+00:00","statusText":"Resolved"},{"id":"290","title":"Joomla Mac Gallery 1.5 and below ","description":"<p>Joomla Mac Gallery 1.5 and below RFI<\/p>","status":"1","created":"2014-09-22T14:45:22+00:00","modified":"2014-09-22T14:45:22+00:00","statusText":"Live"},{"id":"289","title":"AceSEF , 4.1.2 and below","description":"<p>AceSEF , 4.1.2, SQL 
Injection<\/p>","status":"1","created":"2014-09-17T17:34:53+00:00","modified":"2014-09-17T20:40:00+00:00","statusText":"Live"},{"id":"288","title":"EuropaCart, 8.0.1 and below ,","description":"<p>EuropaCart, 8.0.1,  Other - ACL <br \/>@Kryptronic<\/p>","status":"1","created":"2014-09-16T20:37:01+00:00","modified":"2014-09-17T04:24:03+00:00","statusText":"Live"},{"id":"222","title":"Spider Contacts 1.3.6 SQLI","description":"<p>Joomla Spider Contacts 1.3.6 SQL Injection<\/p>\r\n<p>Developer update<\/p>\r\n<p><a href=\"http:\/\/web-dorado.com\/products\/joomla-contacts.html\">http:\/\/web-dorado.com\/products\/joomla-contacts.html<\/a><\/p>","status":"2","created":"2014-09-12T10:58:59+00:00","modified":"2014-09-16T05:43:08+00:00","statusText":"Resolved"},{"id":"216","title":"joomla spider video, 2.8.3, sqli","description":"<p>joomla spider video, 2.8.3, SQL Injection<\/p>\r\n<p>UpdateNoticeURL<br \/>http:\/\/web-dorado.com\/products\/joomla-player.html<\/p>","status":"2","created":"2014-08-29T07:27:20+00:00","modified":"2014-09-01T15:01:53+00:00","statusText":"Resolved"},{"id":"215","title":"Akeeba backup","description":"<p><a href=\"https:\/\/www.akeebabackup.com\/home\/news\/1561-security-updates-august-2014.html\" target=\"_blank\">https:\/\/www.akeebabackup.com\/home\/news\/1561-security-updates-august-2014.html<\/a><\/p>\r\n<p>3.2.0-3.2.7, 3.3.0-3.3.13, 3.4.0-3.4.3, 3.5.x, 3.6.0-3.6.12, 3.7.x, 3.8.0-3.8.2, 3.9.x, 3.10.x, 3.11.0-3.11.3<\/p>\r\n<p> <\/p>\r\n<p> <\/p>\r\n<p> <\/p>\r\n<p> <\/p>\r\n<p> <\/p>","status":"2","created":"2014-08-21T04:09:00+00:00","modified":"2014-08-21T05:13:46+00:00","statusText":"Resolved"},{"id":"213","title":"Joomla Multicalendar, 5.3.2 and previous versions,","description":"<p>Joomla Multicalendar, 5.3.2 and previous versions, XSS (Cross Site Scripting)<\/p>\r\n<p><span style=\"color: #222222; font-family: Arial,Helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: 
normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; float: none; background-color: #ffffff;\">UpdateNoticeURL<\/span><br style=\"color: #222222; font-family: Arial,Helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: #ffffff;\" \/><a href=\"http:\/\/www.google.com\/url?q=http%3A%2F%2Fwww.joomlacalendars.com%2Ffaq%2Fmulti-view-calendar-for-joomla%23q39&sa=D&sntz=1&usg=AFQjCNGOvGD4rpzf_q4Oyi3FGjyMbWK74A\" target=\"_blank\" style=\"margin: 0px; padding: 0px; border: 0px none; vertical-align: baseline; text-decoration: none; color: #6611cc; cursor: pointer; font-family: Arial,Helvetica,sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: #ffffff;\">http:\/\/www.joomlacalendars.com\/faq\/multi-view-calendar-for-joomla#q39<\/a><\/p>","status":"2","created":"2014-08-07T21:06:15+00:00","modified":"2014-08-15T14:25:25+00:00","statusText":"Resolved"},{"id":"207","title":"Watchful Client (watchful.li extension), 1.9.0 and lower","description":"<p>Extension was not preventing execution of files outside of the framework, and therefore enabling potential unwanted information disclosure and other attacks using weak hash key implementation.<\/p>\r\n<p>Update to version 1.9.1 :\u00a0https:\/\/watchful.li\/news\/watchful-1-9-1-released.html<\/p>","status":"2","created":"2014-08-05T10:43:16+00:00","modified":"2014-08-07T19:23:14+00:00","statusText":"Resolved"},{"id":"208","title":"JChatSocial, 2.2 and lower","description":"<p>JChatSocial, 2.2 and lower, XSS (Cross Site 
Scripting)<\/p>\r\n","status":"2","created":"2014-08-06T00:12:25+00:00","modified":"2014-08-06T21:24:39+00:00","statusText":"Resolved"},{"id":"205","title":"youtube gallery, 4.1.7,","description":"<p>youtube gallery, 4.1.7, SQL Injection<\/p>\r\n<p>Extension Update Details<\/p>\r\n<p>4.1.9<\/p>\r\n<p>UpdateNoticeURL<br \/><a href=\"http:\/\/www.joomlaboat.com\/youtube-gallery\">http:\/\/www.joomlaboat.com\/youtube-gallery<\/a><\/p>\r\n","status":"2","created":"2014-07-18T12:44:54+00:00","modified":"2014-07-19T00:55:11+00:00","statusText":"Resolved"},{"id":"199","title":"Joomlaworks allvideos","description":"<p> <\/p>\r\n<p>Joomlaworks allvideos plugin version 4.5.0 and previous XSS (cross-site scripting\r\nExtension Update Details\r\n The new 4.6.0 version released replaces the XSS affected JW Player v5 with the newest v6.\r\n<p><br \/>UpdateNoticeURL<br \/><a href=\"http:\/\/www.joomlaworks.net\/forum\/extension-updates\/14896-june-3rd,-2014-allvideos-v4-6-0\" target=\"_blank\">http:\/\/www.joomlaworks.net\/forum\/extension-updates\/14896-june-3rd,-2014-allvideos-v4-6-0<\/a>\r\n<\/p>\r\n<p> <\/p>","status":"2","created":"2014-06-02T14:52:42+00:00","modified":"2014-06-06T19:22:22+00:00","statusText":"Resolved"},{"id":"198","title":"JW player, 5.10.22 xss","description":"<p>JW player, 5.10.2295, XSS (Cross Site Scripting)<\/p>\r\n<p>Update notice url:http:\/\/www.joomlaworks.net\/forum\/extension-updates\/14896-june-3rd,-2014-allvideos-v4-6-0<\/p>\r\n<p> <\/p>\r\n","status":"2","created":"2014-06-02T12:14:47+00:00","modified":"2014-06-03T10:58:20+00:00","statusText":"Resolved"},{"id":"284","title":"Codels codehighlighter 1.4","description":"<p>Codels plg_content_codehighlighter version 1.4 and previous. 
XSS (Cross Site Scripting)<\/p>","status":"1","created":"2014-03-07T18:22:52+00:00","modified":"2014-05-10T09:32:00+00:00","statusText":"Live"},{"id":"190","title":"plg_highlight_content, 1.5 and previous ","description":"<p>plg_highlight_content, 1.5 and previous versions, XSS (Cross Site Scripting)<\/p>\r\n<p>update notice: <a href=\"http:\/\/www.jonijnm.es\/web\/descargas\/category\/9-highlight-code.html\">http:\/\/www.jonijnm.es\/web\/descargas\/category\/9-highlight-code.html<\/a><\/p>\r\n","status":"2","created":"2014-03-08T11:06:37+00:00","modified":"2014-03-11T08:17:46+00:00","statusText":"Resolved"},{"id":"191","title":"plg_highlight_button, 1.5 and previous sqli","description":"<p>plg_highlight_button, 1.5 and previous versions, SQL Injection<\/p>\r\n<p>Update notice: <a href=\"http:\/\/www.jonijnm.es\/web\/descargas\/category\/9-highlight-code.html\">http:\/\/www.jonijnm.es\/web\/descargas\/category\/9-highlight-code.html<\/a><\/p>\r\n","status":"2","created":"2014-03-08T11:24:34+00:00","modified":"2014-03-10T12:42:30+00:00","statusText":"Resolved"},{"id":"176","title":"ODude Profile","description":"<p>ODude Profile<\/p>\r\n<p>Directory Traversal vulnerability - 777<br \/><strong>developer statement<\/strong><\/p>\r\n<table id=\"articleList\" class=\"adminlist table table-striped\">\r\n<tbody>\r\n<tr class=\"row0\">\r\n<td>ODude Profile<\/td>\r\n<td>3.2<\/td>\r\n<td><a href=\"http:\/\/www.odude.com\/main\/profile\/profile-changelog.html\">http:\/\/www.odude.com\/main\/profile\/profile-changelog.html<\/a><\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n","status":"2","created":"2014-02-08T21:53:24+00:00","modified":"2014-03-08T09:10:01+00:00","statusText":"Resolved"},{"id":"283","title":"plg_codehighlight, 1.0.1 , xss","description":"<p>union-d codehighlight, 1.0.1 , XSS (Cross Site Scripting)<\/p>\r\n","status":"1","created":"2014-03-06T16:16:03+00:00","modified":"2014-03-07T04:48:43+00:00","statusText":"Live"},{"id":"182","title":"ODude Dir - 
DT","description":"<p>ODude DIR - DT-777<\/p>\r\n<p>developer statement <br \/>ODude Dir     1.1 updated with fixed securities issues.     <a href=\"http:\/\/www.odude.com\/main\/dir\/dir-log.html\">http:\/\/www.odude.com\/main\/dir\/dir-log.html<\/a><\/p>","status":"2","created":"2014-02-08T23:01:25+00:00","modified":"2014-03-01T09:05:14+00:00","statusText":"Resolved"},{"id":"181","title":"ODude Ecard - DT","description":"<p>ODude Ecard - DT - 777<br \/>developer statement - ODude Ecard     Version 2.1     <a href=\"http:\/\/www.odude.com\/main\/odude-ecard\/ecard-log.html\">http:\/\/www.odude.com\/main\/odude-ecard\/ecard-log.html<\/a><\/p>","status":"2","created":"2014-02-08T23:00:55+00:00","modified":"2014-03-01T09:04:38+00:00","statusText":"Resolved"},{"id":"184","title":"Google Maps plugin for Joomla, pre 3.1 and 2.20,","description":"<p>Google Maps plugin for Joomla, 3.1 and 2.20, XSS (Cross Site Scripting) joomla-base<br \/><a href=\"mailto:tech@reumer.net\">reumer.net<\/a><br \/><strong>developer statement<\/strong><br \/>A SECURITY RELEASE 3.1 of plugin Google Maps by Reumer is released and this must be applied to your Joomla installation. <a href=\"http:\/\/tech.reumer.net\/Google-Maps\/Documentation-of-plugin-Googlemap\/security-release-3-1-of-plugin-googlemaps.html\">http:\/\/tech.reumer.net\/Google-Maps\/Documentation-of-plugin-Googlemap\/security-release-3-1-of-plugin-googlemaps.html<\/a><\/p>\r\n","status":"2","created":"2014-02-27T01:04:30+00:00","modified":"2014-02-28T10:07:12+00:00","statusText":"Resolved"},{"id":"183","title":"JJ Shoutbox, 1.2.6,","description":"<p>JJ Shoutbox, 1.2.6, Other<br \/><strong>Developer statement<\/strong><br \/>This security issue was for version 1.2.6 of JJ Shoutbox. 
We fixed this issue last night and released version 1.3.0     <a href=\"http:\/\/joomjunk.co.uk\/products\/module-home\/shoutbox.html#changelog\">http:\/\/joomjunk.co.uk\/products\/module-home\/shoutbox.html#changelog<\/a><\/p>\r\n","status":"2","created":"2014-02-26T14:55:44+00:00","modified":"2014-02-28T01:16:49+00:00","statusText":"Resolved"},{"id":"175","title":"JomSocial component pre 3.1.0.1 ","description":"<p>JomSocial component < 3.1.0.1 RFI<br \/>The new version number is 3.1.0.4 <a href=\"http:\/\/www.jomsocial.com\/blog\/hot-fix-3-1-0-4\">http:\/\/www.jomsocial.com\/blog\/hot-fix-3-1-0-4<\/a><\/p>\r\n","status":"2","created":"2014-02-02T14:24:13+00:00","modified":"2014-02-08T23:06:42+00:00","statusText":"Resolved"},{"id":"168","title":"iRecommend, >= 3.0,","description":"<p>iRecommend, >= 3.0, Other<br \/>XSS & FPD<\/p>\r\n<p>developer states inaccurate report<\/p>","status":"2","created":"2014-01-25T01:30:45+00:00","modified":"2014-01-26T21:52:37+00:00","statusText":"Resolved"},{"id":"164","title":"Spider contacts, 1.3.3,","description":"<p>Spider contacts, 1.3.3, SQL Injection<br \/>Extension Update Details<\/p>\r\n<p>We have fixed the vulnerability on Spider Contacts. We have changed the version to 1.3.4 on JED and also added corresponding text to the description.<\/p>\r\n<p>UpdateNoticeURL<br \/>http:\/\/web-dorado.com\/products\/joomla-contacts.html<\/p>\r\n","status":"2","created":"2013-11-04T18:30:42+00:00","modified":"2013-11-07T10:14:45+00:00","statusText":"Resolved"},{"id":"159","title":"spider contact lite, sqli","description":"<p>spider contact lite , , as per <a href=\"vel-blog\/976-spider-contacts-1-3-3.html\"><\/a><a href=\"vel-blog\/976-spider-contacts-1-3-3.html\">http:\/\/vel.joomla.org\/vel-blog\/976-spider-contacts-1-3-3.html<\/a><br \/>Extension Update Details<\/p>\r\n<p>We have fixed the vulnerability on Spider Contacts Lite. 
We have changed the version to 1.3.4 on JED and also added corresponding text to the description.<\/p>\r\n<p>UpdateNoticeURL<br \/>http:\/\/web-dorado.com\/products\/joomla-contacts.html<\/p>\r\n","status":"2","created":"2013-11-02T15:56:26+00:00","modified":"2013-11-07T10:13:50+00:00","statusText":"Resolved"},{"id":"157","title":"jomsocial below 3.0.5.1 ","description":"<p>jomsocial , < 3.0.5.1, SQL Injection<br \/>Resolved prior to notification<\/p>\r\n","status":"2","created":"2013-10-17T18:08:58+00:00","modified":"2013-10-17T20:47:17+00:00","statusText":"Resolved"},{"id":"156","title":"Mijo Analytics, Joomla 2.5.x,","description":"<p>Mijo Analytics, Joomla 2.5.x, SQL Injection<\/p>\r\n","status":"2","created":"2013-09-25T23:29:26+00:00","modified":"2013-09-27T11:53:41+00:00","statusText":"Resolved"},{"id":"282","title":"My Blog, 2.0.1 Build 286,","description":"<p>My Blog, 2.0.1 Build 286, SQL Injection<\/p>\r\n","status":"1","created":"2013-09-26T03:41:08+00:00","modified":"2013-09-27T02:46:55+00:00","statusText":"Live"},{"id":"140","title":"Unite Horizontal Carousel","description":"<p> <\/p>\r\n<p>Unite Horizontal Carousel, , Directory Traversal Updated the extension, fixed the bug, the new version is 1.1<\/p>\r\n<p><br \/>UpdateNoticeURL<br \/><a href=\"http:\/\/unitecms.net\/news\" target=\"_blank\"> <\/a><a href=\"http:\/\/unitecms.net\/news\">http:\/\/unitecms.net\/news<\/a><\/p>\r\n","status":"2","created":"2013-06-21T05:54:42+00:00","modified":"2013-09-12T12:36:18+00:00","statusText":"Resolved"},{"id":"149","title":"sectionex, 2.5.96","description":"<p>sectionex, , SQL Injection<br \/>Extension Update Details<\/p>\r\n<p>Version 2.5.104<\/p>\r\n<p>Update Notice URL<br \/><a 
href=\"http:\/\/stackideas.com\/blog\/important-security-release-for-sectionex-2-5\">http:\/\/stackideas.com\/blog\/important-security-release-for-sectionex-2-5<\/a><\/p>\r\n","status":"2","created":"2013-08-19T21:06:07+00:00","modified":"2013-09-11T12:52:14+00:00","statusText":"Resolved"},{"id":"155","title":"Ace SEF4","description":"<p>With the AceSEF 4.0.0, XSS Vulnerability is solved<\/p>\r\n<p><a href=\"http:\/\/www.joomace.net\/joomla-extensions\/acesef\/changelog\">http:\/\/www.joomace.net\/joomla-extensions\/acesef\/changelog<\/a><\/p>\r\n<p>UpdateNoticeURL<br \/><a href=\"http:\/\/www.joomace.net\/joomla-extensions\/acesef-joomla-seo-sef-urls\">http:\/\/www.joomace.net\/joomla-extensions\/acesef-joomla-seo-sef-urls<\/a><\/p>","status":"2","created":"2013-09-04T14:33:27+00:00","modified":"2013-09-04T14:33:27+00:00","statusText":"Resolved"},{"id":"148","title":"joomsport pro and std","description":"<p>joomsport,  pro 3.1.1 and std 2.0 , Directory Traversal<br \/>developers release statement<br \/><span style=\"font-size: 11pt; font-family: 'Calibri','sans-serif'; color: #1f497d;\" lang=\"EN-US\"><span><span style=\"font: 7pt 'Times New Roman';\">      <\/span><\/span><\/span><span style=\"font-size: 11pt; font-family: 'Calibri','sans-serif'; color: #1f497d;\" lang=\"EN-US\">Security notes put in product description and put release notes on our site for both products <a href=\"http:\/\/joomsport.com\/downloads\/components.html?lang=en\" target=\"_blank\">http:\/\/joomsport.com\/downloads\/components.html?lang=en<\/a> <\/span><\/p>\r\n<p><span style=\"font-size: 11pt; font-family: 'Calibri','sans-serif'; color: #1f497d;\" lang=\"EN-US\"><span>-<span style=\"font: 7pt 'Times New Roman';\">          <\/span><\/span><\/span><span style=\"font-size: 11pt; font-family: 'Calibri','sans-serif'; color: #1f497d;\" lang=\"EN-US\">Here is the link for standard updated release 
<a>http:\/\/joomsport.com\/downloads\/components\/239-joomsport-standard-for-joomla-3.html?lang=en<\/a><a href=\"http:\/\/joomsport.com\/downloads\/components\/239-joomsport-standard-for-joomla-3.html?lang=en\" target=\"_blank\"><br \/><br \/><\/a><strong>vel team no<\/strong><\/span><strong>tice<\/strong> - this does NOT resolve any existing exploits and MAY only effective on new installs<\/p>\r\n","status":"2","created":"2013-08-19T20:51:25+00:00","modified":"2013-08-20T19:45:51+00:00","statusText":"Resolved"},{"id":"147","title":"Cobalt,8.270","description":"<p>Cobalt, , DT\/permissions<br \/>developer update <span style=\"font-size: 12pt; color: #000000; font-family: Calibri;\">Notice updated <\/span><a style=\"font-size: 12pt;\" href=\"http:\/\/www.mintjoomla.com\/blog\/item\/279-update-cobalt-v-8-279-stable.html\" target=\"_blank\">http:\/\/www.mintjoomla.com\/blog\/item\/279-update-cobalt-v-8-279-stable.html<\/a><\/p>\r\n","status":"2","created":"2013-08-01T13:51:19+00:00","modified":"2013-08-07T19:36:10+00:00","statusText":"Resolved"},{"id":"138","title":"flashChart Content Plugin, ","description":"<p>flashChart Content Plugin, <1.2.1, XSS (Cross Site Scripting)<br \/><strong>Extension Update Details<\/strong><\/p>\r\n<p>updatet\/fixed XSS vulnerability in open-flashchart-swf for external call \"get-data\"<\/p>\r\n<p>UpdateNoticeURL<br \/><a href=\"http:\/\/www.jschmidt-systemberatung.de\/index.php?lang=en&Itemid=227\">http:\/\/www.jschmidt-systemberatung.de\/index.php?lang=en&Itemid=227<\/a><\/p>\r\n<p> <\/p>","status":"2","created":"2013-05-31T15:58:23+00:00","modified":"2013-07-03T11:59:55+00:00","statusText":"Resolved"},{"id":"137","title":"CiviCRM 4.3.3 and previous","description":"<p>CiviCRM, <= 4.3.3, XSS (Cross Site Scripting)<\/p>\r\n<p>Update Notice URL<br \/><a href=\"http:\/\/civicrm.org\/blogs\/colemanw\/security-release-civicrm-434\">http:\/\/civicrm.org\/blogs\/colemanw\/security-release-civicrm-434<\/a><\/p>\r\n<p> 
<\/p>\r\n","status":"2","created":"2013-06-01T21:27:51+00:00","modified":"2013-06-24T13:37:18+00:00","statusText":"Resolved"},{"id":"139","title":"Jinc, all versions,","description":"<p> <\/p>\r\n<p>Jinc, all versions, XSS (Cross Site Scripting)<\/p>\r\n<p>UpdateNotice URL<\/p>\r\n<p><a href=\"http:\/\/lhacky.altervista.org\/jextensions\/index.php\/component\/content\/article\/21-news\/jinc\/100-security-issue-on-jinc-1-0-1\" target=\"_blank\"> <\/a><a href=\"http:\/\/lhacky.altervista.org\/jextensions\/index.php\/component\/content\/article\/21-news\/jinc\/100-security-issue-on-jinc-1-0-1\" target=\"_blank\">http:\/\/lhacky.altervista.org\/jextensions\/index.php\/component\/content\/article\/21-news\/jinc\/100-security-issue-on-jinc-1-0-1<\/a><\/p>\r\n","status":"2","created":"2013-06-01T21:28:25+00:00","modified":"2013-06-04T20:32:45+00:00","statusText":"Resolved"},{"id":"277","title":"Phoca Gallery 3x","description":"<p>Phoca Gallery, 3x, SQL Injection<\/p>\r\n<p> <\/p>","status":"1","created":"2013-05-19T23:46:13+00:00","modified":"2013-06-03T09:26:53+00:00","statusText":"Live"},{"id":"130","title":"bo:VideoJS, 2.1.1,","description":"<p>bo:VideoJS, 2.1.1,     xss<\/p>\r\n<p><span style=\"line-height: 1.5em;\">From developer<a href=\"http:\/\/www.boeschung.de\/en\/joomla\/bo-videojs\/video-js-v320\">http:\/\/www.boeschung.de\/en\/joomla\/bo-videojs\/video-js-v320<\/a><\/span><\/p>","status":"2","created":"2013-05-05T23:48:07+00:00","modified":"2013-05-20T16:56:00+00:00","statusText":"Resolved"},{"id":"123","title":"alfcontact","description":"<p>xss 230413<\/p>\r\n","status":"2","created":"2013-04-27T14:51:17+00:00","modified":"2013-04-30T23:49:52+00:00","statusText":"Resolved"},{"id":"128","title":"aiContactSafe 2.0.19","description":"xss\n160413\ndeveloper release statement <a rel=\"nofollow\" class=\"external text\" href=\"http:\/\/www.algisinfo.com\/en\/home-bottom\/41-xss-in-aicontactsafe.html\">for version 2.0.21<\/a><p>Authors: 
...<\/p>","status":"2","created":"2013-04-27T14:51:17+00:00","modified":"2013-04-29T20:09:48+00:00","statusText":"Resolved"},{"id":"129","title":"civic crm 422","description":"upload exploit \/RFI\n260413\ndeveloper <a rel=\"nofollow\" class=\"external free\" href=\"http:\/\/civicrm.org\/category\/civicrm-blog-categories\/civicrm-v43\">http:\/\/civicrm.org\/category\/civicrm-blog-categories\/civicrm-v43<\/a> release 4.3.1\n<p>Authors: ...<\/p>","status":"2","created":"2013-04-29T20:03:54+00:00","modified":"2013-04-29T20:09:48+00:00","statusText":"Resolved"},{"id":"249","title":"MT Fire Eagle","description":"LFI <a rel=\"nofollow\" class=\"external free\" href=\"http:\/\/joomlacode.org\/gf\/project\/jfireeagle\/frs\/\">http:\/\/joomlacode.org\/gf\/project\/jfireeagle\/frs\/<\/a><a rel=\"nofollow\" class=\"external free\" href=\"http:\/\/www.moto-treks.com\">http:\/\/www.moto-treks.com<\/a> 190410\n product considered retired and to be replaced by dev\n<p>Authors: ...<\/p>","status":"1","created":"2013-02-20T20:37:14+00:00","modified":"2013-02-20T20:37:14+00:00","statusText":"Live"},{"id":"255","title":"worldrates","description":"<a rel=\"nofollow\" class=\"external free\" href=\"http:\/\/dev.pucit.edu.pk\/\">http:\/\/dev.pucit.edu.pk\/<\/a>120410\n<p>Authors: ...<\/p>","status":"1","created":"2013-02-20T20:37:14+00:00","modified":"2013-02-20T20:37:14+00:00","statusText":"Live"},{"id":"785","title":"HikaShop, Versions from 4.4.1 to 4.7.2 are affected, SQL Injection","status":"1","jed":"https:\/\/extensions.joomla.org\/extension\/hikashop\/","created":"2023-06-16T08:49:55+00:00","statusText":"Live"},{"id":"714","title":"JCE Pro, 2.8.15, xss","description":"<p>This 2.8.15 an important security update is included to prevent potential <a href=\"https:\/\/en.wikipedia.org\/wiki\/Cross-site_scripting\" target=\"_blank\" rel=\"noopener\" title=\"Cross Site Scripting\">cross-site scripting<\/a> attacks.<\/p>\r\n<p> <\/p>\r\n<p><a 
href=\"https:\/\/www.joomlacontenteditor.net\/news\/jce-pro-2-8-15-released\">https:\/\/www.joomlacontenteditor.net\/news\/jce-pro-2-8-15-released<\/a><\/p>","status":"2","patch_version":"2.8.15","update_notice":"https:\/\/www.joomlacontenteditor.net\/news\/jce-pro-2-8-15-released","created":"2020-07-23T08:42:33+00:00","statusText":"Resolved"},{"id":"728","title":"RealPin by Frumania, SQL, 1.5.04","description":"<p>Name: Realpin Old 1.5.04 \/ New 1.6.0<\/p>\r\n<p>Update details: Fixed risk of SQL Injection<\/p>\r\n<p>Update URL: https:\/\/realpin.frumania.com\/<\/p>","status":"2","start_version":"1.5.04","vulnerable_version":"1.5.04","patch_version":"1.6","update_notice":"https:\/\/realpin.frumania.com\/","created":"2020-12-30T21:47:30+00:00","statusText":"Resolved"},{"id":"477","title":"easysocial, 2.0.18 and below","description":"<p>easysocial, 2.0.18 and below<\/p>\r\n<h2>\u00a0<\/h2>\r\n<h2>Extension Update Details<\/h2>\r\n<h2>https:\/\/stackideas.com\/blog\/security-update-for-easysocial-2019<\/h2>","status":"2","start_version":"2.0.18 and","vulnerable_version":"2.0.18 and","patch_version":"2.0.19","update_notice":"https:\/\/stackideas.com\/blog\/security-update-for-easysocial-2019","created":"2017-07-01T20:11:39+00:00","statusText":"Resolved"}]}}