azd-cert/CVE

azd-cert/CVE

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-9918 ↗	Mar 29, 2019Friday, 29 March 2019, 15:29	9.1 CRITICAL	6.4 MEDIUM
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.
CVE-2019-9919 ↗	Mar 29, 2019Friday, 29 March 2019, 15:29	5.4 MEDIUM	3.5 LOW
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS.
CVE-2019-9920 ↗	Mar 29, 2019Friday, 29 March 2019, 15:29	8.8 HIGH	6.5 MEDIUM
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user.
CVE-2019-9921 ↗	Mar 29, 2019Friday, 29 March 2019, 15:29	6.5 MEDIUM	4 MEDIUM
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user.
CVE-2019-9922 ↗	Mar 29, 2019Friday, 29 March 2019, 15:29	7.5 HIGH	5 MEDIUM
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files.