VYPR
Vendor

Phoca

Products
3
CVEs
6
Across products
6
Status
Private

Products

3

Recent CVEs

6
  • CVE-2025-54473CriAug 15, 2025
    risk 0.60cvss epss 0.00

    An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.

  • CVE-2026-23900MedApr 11, 2026
    risk 0.42cvss 6.5epss 0.00

    Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered.

  • CVE-2009-0702Feb 23, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.

  • CVE-2025-2279Apr 4, 2025
    risk 0.00cvss epss 0.00

    The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting…

  • CVE-2024-53307Mar 10, 2025
    risk 0.00cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

  • CVE-2023-43091Nov 17, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.