JNews Joomla Component
by JNews
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7341 | Hig | 0.57 | 8.8 | 0.01 | Mar 9, 2020 | JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. | ||
| CVE-2015-7342 | Hig | 0.47 | 7.2 | 0.01 | Mar 9, 2020 | JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. | ||
| CVE-2015-7343 | Med | 0.31 | 4.8 | 0.01 | Mar 9, 2020 | JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. |
- risk 0.57cvss 8.8epss 0.01
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
- risk 0.47cvss 7.2epss 0.01
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
- risk 0.31cvss 4.8epss 0.01
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.