CVE-2023-51810
https://notcve.org/view.php?id=CVE-2023-51810
SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module. • https://github.com/Pastea/CVE-2023-51810 http://easydiscuss.com http://stackideas.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-5263 – Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5263
The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS. • https://www.exploit-db.com/exploits/43488 https://stackideas.com/blog/easydiscuss4021-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-7324 – Joomla Komento Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-7324
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment. Joomla Komento versions prior to 2.0.5 suffer from a persistent cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2015/Oct/11 https://stackideas.com/changelog/komento?version=2.0.5 https://www.davidsopas.com/komento-joomla-component-persistent-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1837
https://notcve.org/view.php?id=CVE-2014-1837
Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments." • http://osvdb.org/102563 http://secunia.com/advisories/56577 http://stackideas.com/downloads/changelog/komento http://www.securityfocus.com/bid/65173 https://exchange.xforce.ibmcloud.com/vulnerabilities/90974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0793 – Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-0793
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI. Joomla Komento extension version 1.7.2 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/31174 http://stackideas.com/downloads/changelog/komento http://www.exploit-db.com/exploits/31174 http://www.securityfocus.com/archive/1/530873/100/0/threaded http://www.securityfocus.com/bid/64659 https://www.htbridge.com/advisory/HTB23194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')