Cmsjunkie

cmsjunkie

3 CVEs • 2 products

Products (2)

Click to collapse

Toggle

J Classifiedsmanager

j-classifiedsmanager

J Businessdirectory

j-businessdirectory

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-5182 1Cmsjunkie 1J Businessdirectory Nov 21, 2024 Feb 3, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar...Show more The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).Show less
CVE-2015-1478 1Cmsjunkie 1J Classifiedsmanager May 6, 2026 Feb 4, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds.
CVE-2015-1477 1Cmsjunkie 1J Classifiedsmanager May 6, 2026 Feb 4, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads.