2.5.3

DATE	CVE	VULNERABILITY TITLE	RISK
2013-05-03	CVE-2013-3057	Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. network low complexity joomla CWE-264	4.0
2013-05-03	CVE-2013-3056	Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors. network low complexity joomla CWE-264	4.0
2013-02-13	CVE-2013-1453	Unspecified vulnerability in Joomla Joomla! plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. network low complexity joomla	7.5
2012-11-11	CVE-2012-5827	Clickjacking Security Bypass vulnerability in Joomla! Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." network joomla	4.3
2012-10-31	CVE-2012-4532	Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. network joomla CWE-79	4.3
2012-10-31	CVE-2012-4531	Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network joomla CWE-79	4.3
2012-09-06	CVE-2012-1612	Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network joomla CWE-79	4.3
2012-09-06	CVE-2012-1611	Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. network low complexity joomla CWE-264	5.0
2012-08-10	CVE-2012-4235	Information Exposure vulnerability in Rsgallery2 COM Rsgallery2 The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. network low complexity rsgallery2 joomla CWE-200	5.0
2012-08-10	CVE-2012-4071	Cross-Site Scripting vulnerability in Rsgallery2 COM Rsgallery2 Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. network rsgallery2 joomla CWE-79	4.3