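Aggregated CVE and security vulnerability intelligence for all joomsky-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical vulnerabilities mainly involve cross-site scripting and CSRF; some may lead to file overwrite and affect production workload and software deployment scenarios.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and patching priority.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |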
|---|---|---|---|---|---|---|
| CVE-2025-58234 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Job Manager js-jobs allows Stored XSS. This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 6.5 | 0.19% | 2025-09-22 | 2026-06-17 |
| CVE-2025-32660 | Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 10.0 | 0.37% | 2025-04-17 | 2026-06-17 |
| CVE-2025-32626 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager js-jobs allows SQL Injection. This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 9.3 | 0.41% | 2025-04-17 | 2026-06-17 |
| CVE-2025-32627 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 8.1 | 0.77% | 2025-04-11 | 2026-06-17 |
| CVE-2025-32146 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 8.8 | 0.67% | 2025-04-04 | 2026-06-17 |
| CVE-2025-31868 | Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 5.3 | 0.27% | 2025-04-01 | 2026-06-17 |
| CVE-2025-31867 | Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through <= 2.0.2. | [email protected] | 5.4 | 0.30% | 2025-04-01 | 2026-06-17 |
| CVE-2025-30901 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through <= 2.9.2. | [email protected] | 8.1 | 0.76% | 2025-04-01 | 2026-06-17 |
| CVE-2025-30886 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows SQL Injection. This issue affects JS Help Desk: from n/a through <= 2.9.2. | [email protected] | 9.3 | 0.46% | 2025-04-01 | 2026-06-17 |
| CVE-2025-30882 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal. This issue affects JS Help Desk: from n/a through <= 2.9.1. | [email protected] | 7.5 | 0.48% | 2025-04-01 | 2026-06-17 |
| CVE-2025-30880 | Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through <= 2.9.2. | [email protected] | 7.5 | 0.40% | 2025-04-01 | 2026-06-17 |
| CVE-2025-30878 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal. This issue affects JS Help Desk: from n/a through <= 2.9.2. | [email protected] | 8.6 | 0.55% | 2025-04-01 | 2026-06-17 |
| CVE-2025-22209 | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature. | [email protected] | 4.7 | 0.27% | 2025-02-15 | 2026-06-17 |
| CVE-2025-22208 | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature. | [email protected] | 4.7 | 0.60% | 2025-02-15 | 2026-06-17 |
| CVE-2025-22206 | A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature. | [email protected] | 4.7 | 8.71% | 2025-02-04 | 2026-06-17 |
| CVE-2022-46840 | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | [email protected] | 5.4 | 0.45% | 2024-12-13 | 2026-06-17 |
| CVE-2022-46838 | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | [email protected] | 9.1 | 0.71% | 2024-12-13 | 2026-06-17 |
| CVE-2023-28689 | Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.0. | [email protected] | 6.5 | 0.49% | 2024-12-09 | 2026-06-17 |
| CVE-2024-51670 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Help Desk js-support-ticket allows Stored XSS. This issue affects JS Help Desk: from n/a through <= 2.8.7. | [email protected] | 5.9 | 0.25% | 2024-11-09 | 2026-06-17 |
| CVE-2024-43274 | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6. | [email protected] | 5.8 | 0.44% | 2024-11-01 | 2026-06-17 |