Aggregates CVE and security vulnerability intelligence across all joomsky-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk csrf and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-58234 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Job Manager js-jobs allows Stored XSS.This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 6.5 | 0.02% | 2025-09-22 | 2026-04-23 |
| CVE-2025-32660 | Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 10.0 | 0.57% | 2025-04-17 | 2026-04-23 |
| CVE-2025-32626 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager js-jobs allows SQL Injection.This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 9.3 | 0.15% | 2025-04-17 | 2026-04-23 |
| CVE-2025-32627 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 8.1 | 1.15% | 2025-04-11 | 2026-04-23 |
| CVE-2025-32146 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 8.8 | 1.60% | 2025-04-04 | 2026-04-23 |
| CVE-2025-31868 | Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 5.3 | 0.20% | 2025-04-01 | 2026-04-23 |
| CVE-2025-31867 | Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 5.4 | 0.04% | 2025-04-01 | 2026-04-23 |
| CVE-2025-30901 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This issue affects JS Help Desk: from n/a through <= 2.9.2. | [email protected] | 8.1 | 0.75% | 2025-04-01 | 2026-04-23 |
| CVE-2025-30886 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows SQL Injection.This issue affects JS Help Desk: from n/a through <= 2.9.2. | [email protected] | 9.3 | 0.11% | 2025-04-01 | 2026-04-23 |
| CVE-2025-30882 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a through <= 2.9.1. | [email protected] | 7.5 | 0.36% | 2025-04-01 | 2026-04-23 |
| CVE-2025-30880 | Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 2.9.2. | [email protected] | 7.5 | 0.23% | 2025-04-01 | 2026-04-23 |
| CVE-2025-30878 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a through <= 2.9.2. | [email protected] | 8.6 | 0.26% | 2025-04-01 | 2026-04-23 |
| CVE-2025-22209 | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature. | [email protected] | 4.7 | 0.07% | 2025-02-15 | 2025-06-04 |
| CVE-2025-22208 | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature. | [email protected] | 4.7 | 0.07% | 2025-02-15 | 2025-06-04 |
| CVE-2025-22206 | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature. | [email protected] | 4.7 | 1.12% | 2025-02-04 | 2025-06-04 |
| CVE-2022-46840 | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | [email protected] | 5.4 | 0.16% | 2024-12-13 | 2026-04-28 |
| CVE-2022-46838 | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | [email protected] | 9.1 | 0.38% | 2024-12-13 | 2026-04-28 |
| CVE-2023-28689 | Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0. | [email protected] | 6.5 | 0.17% | 2024-12-09 | 2026-04-28 |
| CVE-2024-51670 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Help Desk js-support-ticket allows Stored XSS.This issue affects JS Help Desk: from n/a through <= 2.8.7. | [email protected] | 5.9 | 0.16% | 2024-11-09 | 2026-04-23 |
| CVE-2024-43274 | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6. | [email protected] | 5.8 | 0.26% | 2024-11-01 | 2026-01-26 |