Search
Search Results (9 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25740 | 1 Joomsky | 1 Js Jobs | 2026-06-04 | 6.5 Medium |
| Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server. | ||||
| CVE-2018-25327 | 1 Joomsky | 1 Js Jobs | 2026-05-18 | 5.3 Medium |
| Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages. | ||||
| CVE-2025-54475 | 2 Joomla, Joomsky | 3 Joomla, Joomla!, Js Jobs | 2026-04-15 | N/A |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. | ||||
| CVE-2025-22206 | 1 Joomsky | 1 Js Jobs | 2025-06-04 | 4.7 Medium |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature. | ||||
| CVE-2025-22208 | 1 Joomsky | 1 Js Jobs | 2025-06-04 | 4.7 Medium |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature. | ||||
| CVE-2025-22209 | 1 Joomsky | 1 Js Jobs | 2025-06-04 | 4.7 Medium |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature. | ||||
| CVE-2019-17527 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | 9.8 Critical |
| dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter. | ||||
| CVE-2018-9183 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | N/A |
| The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. | ||||
| CVE-2018-5994 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | N/A |
| SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. | ||||
Page 1 of 1.