Aggregates CVE and security vulnerability intelligence across all cmsjunkie-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk cross-site scripting, with potential vendor impact session compromise and vendor impact data exposure across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-5182 | The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location). | [email protected] | 6.5 | 0.29% | 2020-02-03 | 2024-11-21 |
| CVE-2015-1478 | Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds. | [email protected] | 4.3 | 3.32% | 2015-02-04 | 2026-05-06 |
| CVE-2015-1477 | SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads. | [email protected] | 7.5 | 0.94% | 2015-02-04 | 2026-05-06 |