← Back

Jnews

jnews

Vendor: Joobi • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-7342
1Joobi
1Jnews
Nov 21, 2024
Mar 9, 2020
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
CVE-2015-7341
1Joobi
1Jnews
Nov 21, 2024
Mar 9, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
CVE-2015-7343
1Joobi
1Jnews
Nov 21, 2024
Mar 9, 2020
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.