Stackideas

stackideas

9 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-21626 1Stackideas 1Easydiscuss Feb 18, 2026 Feb 6, 2026 9.2 CRITICAL· v4 7.5 HIGH· v3 N/A· v2 Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure
CVE-2026-21625 1Stackideas 1Easydiscuss Jan 30, 2026 Jan 16, 2026 4.8 MEDIUM· v4 8.8 HIGH· v3 N/A· v2 User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.
CVE-2026-21624 1Stackideas 1Easydiscuss Jan 30, 2026 Jan 16, 2026 9.4 CRITICAL· v4 5.4 MEDIUM· v3 N/A· v2 Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
CVE-2026-21623 1Stackideas 1Easydiscuss Jan 30, 2026 Jan 16, 2026 9.4 CRITICAL· v4 5.4 MEDIUM· v3 N/A· v2 Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla.
CVE-2023-51810 1Stackideas 1Easydiscuss Jun 20, 2025 Jan 16, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.
CVE-2018-5263 1Stackideas 1Easydiscuss Nov 21, 2024 Jan 8, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.
CVE-2015-7324 1Stackideas 1Komento May 13, 2026 Dec 27, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the...Show more Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.Show less
CVE-2014-1837 1Stackideas 1Komento Apr 29, 2026 Jan 30, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comm...Show more Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."Show less
CVE-2014-0793 1Stackideas 1Komento Apr 29, 2026 Jan 30, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) lati...Show more Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.Show less