CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2016-11020
https://notcve.org/view.php?id=CVE-2016-11020
24 Feb 2020 — Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. Kunena anterior a la versión 5.0.4 no restringe las extensiones de archivos de avatar a gif, jpeg, jpg y png. Esto puede conducir a XSS y a la ejecución remota de código. • https://github.com/Kunena/Kunena-Forum/pull/5028 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 1%CPEs: 1EXPL: 1CVE-2019-15120
https://notcve.org/view.php?id=CVE-2019-15120
16 Aug 2019 — The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. La extensión de Kunena versiones anteriores a 5.1.14 para Joomla!, permite un ataque de tipo XSS por medio de BBCode. • https://github.com/h3llraiser/CVE-2019-15120 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2017-5673
https://notcve.org/view.php?id=CVE-2017-5673
22 Mar 2017 — In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5. En la extensión Kunena 5.0.2 en versiones... • http://www.fox.ra.it/technical-articles/kunena-vulnerability-2017-01.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9102
https://notcve.org/view.php?id=CVE-2014-9102
26 Nov 2014 — Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente Kunena anterior a 3.0.6 para Joomla! permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del valor de indice en un parámetro del array, tal y... • http://packetstormsecurity.com/files/127683/Joomla-Kunena-Forum-3.0.5-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9103
https://notcve.org/view.php?id=CVE-2014-9103
26 Nov 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-Disposition header to the (2) file or (3) profile image upload functionality. Múltiples vulnerabilidades de XSS en el componente Kunena anterior a 3.0.6 para Joomla! permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de ... • http://packetstormsecurity.com/files/127684/joomlakunena305-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2012-4868
https://notcve.org/view.php?id=CVE-2012-4868
06 Sep 2012 — SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en news.php en el componente Kunena v1.7.2 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id. • http://exploitsdownload.com/exploit/na/kunena-20-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3CVE-2009-4550 – Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-4550
04 Jan 2010 — SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php. Vulnerabilidad de inyección SQL en el componente Kunena Forum (com_kunena) v1.5.3 y v1.5.4 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "func" a index.php. • https://www.exploit-db.com/exploits/9408 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •