VYPR

JNews Joomla Component

by JNews

CVEs (3)

  • CVE-2015-7341HigMar 9, 2020
    risk 0.57cvss 8.8epss 0.01

    JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

  • CVE-2015-7342HigMar 9, 2020
    risk 0.47cvss 7.2epss 0.01

    JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.

  • CVE-2015-7343MedMar 9, 2020
    risk 0.31cvss 4.8epss 0.01

    JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.