Vulnerabilities > Joomla > Joomla > 2.5.0

DATE CVE VULNERABILITY TITLE RISK
2013-05-03 CVE-2013-3059 Cross-Site Scripting vulnerability in Joomla Joomla!
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
joomla CWE-79
4.3
4.3
2013-05-03 CVE-2013-3058 Cross-Site Scripting vulnerability in Joomla Joomla!
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
joomla CWE-79
4.3
4.3
2013-05-03 CVE-2013-3057 Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla!
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
network
low complexity
joomla CWE-264
4.0
4.0
2013-05-03 CVE-2013-3056 Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla!
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
network
low complexity
joomla CWE-264
4.0
4.0
2013-02-13 CVE-2013-1453 Unspecified vulnerability in Joomla Joomla!
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter.
network
low complexity
joomla
7.5
7.5
2012-11-11 CVE-2012-5827 Clickjacking Security Bypass vulnerability in Joomla!
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
network
joomla
4.3
4.3
2012-10-31 CVE-2012-4532 Cross-Site Scripting vulnerability in Joomla Joomla!
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
network
joomla CWE-79
4.3
4.3
2012-10-31 CVE-2012-4531 Cross-Site Scripting vulnerability in Joomla Joomla!
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
joomla CWE-79
4.3
4.3
2012-09-26 CVE-2012-1117 Cross-Site Scripting vulnerability in Joomla Joomla! 2.5.0/2.5.1
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
joomla CWE-79
4.3
4.3
2012-09-26 CVE-2012-1116 SQL Injection vulnerability in Joomla Joomla!
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
joomla CWE-89
7.5
7.5