Easydiscuss

easydiscuss

Vendor: Stackideas • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-21626 1Stackideas 1Easydiscuss Feb 18, 2026 Feb 6, 2026 9.2 CRITICAL· v4 7.5 HIGH· v3 N/A· v2 Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure
CVE-2026-21625 1Stackideas 1Easydiscuss Jan 30, 2026 Jan 16, 2026 4.8 MEDIUM· v4 8.8 HIGH· v3 N/A· v2 User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.
CVE-2026-21624 1Stackideas 1Easydiscuss Jan 30, 2026 Jan 16, 2026 9.4 CRITICAL· v4 5.4 MEDIUM· v3 N/A· v2 Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
CVE-2026-21623 1Stackideas 1Easydiscuss Jan 30, 2026 Jan 16, 2026 9.4 CRITICAL· v4 5.4 MEDIUM· v3 N/A· v2 Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla.
CVE-2023-51810 1Stackideas 1Easydiscuss Jun 20, 2025 Jan 16, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.
CVE-2018-5263 1Stackideas 1Easydiscuss Nov 21, 2024 Jan 8, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.