JEvents pre - 3.2.20

Published: Thursday, 03 September 2015

Extension: JEvents from jevents.net

Vulnerability: SQL injection

Versions affected prior to 3.2.20

Resolution: update to 3.2.20 - JEvents 3.4.0RC6 is also available for Joomla 3.4+ which fixes the same security issue.

Update notice URL

https://www.jevents.net/component/zoo/item/jevents-33...

Read more: JEvents pre - 3.2.20

Joomla GoogleSearch (CSE), 3.0.2 and below, any Joomla

Published: Wednesday, 02 September 2015

Joomla GoogleSearch (CSE), 3.0.2 and below, any Joomla,XSS (Cross Site Scripting)...

Read more: Joomla GoogleSearch (CSE), 3.0.2 and below, any Joomla

JCE - A Content Editor for Joomla, 2.5.0, 2.5.1, 2.5.2

Published: Wednesday, 02 September 2015

JCE - A Content Editor for Joomla, vulnerable versions: 2.5.0, 2.5.1, 2.5.2,

Vulnerability type: other

Resolution: update to version 2.5.3

Update Notice URLhttps://www.joomlacontenteditor.net/news/item/jce-253-released

Developer says that versions prior to 2.5.0 do not appear to be affected, but all users are advised to upgrade to 2.5.3...

Read more: JCE - A Content Editor for Joomla, 2.5.0, 2.5.1, 2.5.2

JACC,3.0.3,XSS (Cross Site Scripting)

Published: Wednesday, 19 August 2015

JACC (Just Another Component Creator),3.0.3 - r199, XSS (Cross Site Scripting)

Note that the vulnerability affects Joomla components generated using this extension rather than the extension itself....

Read more: JACC,3.0.3,XSS (Cross Site Scripting)