Komento, 2.0.4 and previous, XSS (Cross Site Scripting)

Published: Thursday, 08 October 2015

Stackideas Komento, prior to 2.0.5, XSS (Cross Site Scripting)

Resolved in version 2.0.5

Update notice: http://stackideas.com/changelog/komento?version=2.0.5 ...

Read more: Komento, 2.0.4 and previous, XSS (Cross Site Scripting)

Jetext (abandonware), all version

Published: Thursday, 08 October 2015

Jetext

Presumed abandonware (no information about the developer) ...

Read more: Jetext (abandonware), all version

Extplorer, 2.1.7 and previous

Published: Saturday, 12 September 2015

Developer startement

eXtplorer 2.1.8 released

Today eXtplorer 2.1.8 was released, fixing some minor vulnerabilities. Changelog: - added security functions for protection against CSRF attacks - fixed "directories with the name '0' are not loading" An update is recommended.

http://extplorer.net/news/18 ...

Read more: Extplorer, 2.1.7 and previous

Vnmshop (abandonware), all versions

Published: Tuesday, 22 September 2015

Vnmshop extension, unknown author (probably abandonware)

All versions suspected to be vulnerable...

Read more: Vnmshop (abandonware), all versions

Master User, versions before 2.1.4

Published: Tuesday, 08 September 2015

Versions before 2.1.4 suffered from an issue with insecure default settings, the issue affects Joomla 3.4 sites only, but users are advised by the developer to update anyway.

Resolution: Update to version 2.1.4

Update notice URL: https://www.spiralscripts.co.uk/News/security-release-master-user-plugin.html

 ...

Read more: Master User, versions before 2.1.4