Vulnerabilities > Joomla > Joomla > 1.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-11-16 | CVE-2009-3945 | Remote Security vulnerability in Joomla! Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. | 5.5 |
| 2009-09-16 | CVE-2009-3215 | SQL Injection vulnerability in PHP-Shop-System Ixxo Cart SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. | 7.5 |
| 2009-06-05 | CVE-2009-1940 | Cross-Site Scripting vulnerability in Joomla Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-06-05 | CVE-2009-1939 | Cross-Site Scripting vulnerability in Joomla Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-06-05 | CVE-2009-1938 | Cross-Site Scripting vulnerability in Joomla Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel. | 4.3 |
| 2009-04-09 | CVE-2009-1280 | Cross-Site Request Forgery (CSRF) vulnerability in Joomla Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2009-04-09 | CVE-2009-1279 | Cross-Site Scripting vulnerability in Joomla Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. | 2.6 |
| 2009-02-26 | CVE-2008-6299 | Cross-Site Scripting vulnerability in Joomla Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." | 3.5 |
| 2009-01-09 | CVE-2009-0113 | Path Traversal vulnerability in Joomla Xstandard Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. | 5.0 |
| 2008-09-18 | CVE-2008-4105 | Improper Input Validation vulnerability in Joomla JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact. | 7.5 |