Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kunena kunena vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-11020
Kunena prior to 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.
Kunena Kunena
5.4
CVSSv3
CVE-2019-15120
The Kunena extension prior to 5.1.14 for Joomla! allows XSS via BBCode.
Kunena Kunena
1 Github repository
6.1
CVSSv3
CVE-2017-5673
In the Kunena extension 5.0.2 up to and including 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/m...
Kunena Kunena 5.0.2
Kunena Kunena 5.0.4
Kunena Kunena 5.0.3
NA
CVE-2014-9102
Multiple SQL injection vulnerabilities in the Kunena component prior to 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php.
Kunena Kunena
NA
CVE-2014-9103
Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component prior to 3.0.6 for Joomla! allow remote malicious users to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-Disposition header to ...
Kunena Kunena
NA
CVE-2012-4868
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Kunena Kunena 1.7.2
NA
CVE-2009-4550
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the func parameter to index.php.
Kunena Kunena Forum 1.5.3
Kunena Kunena Forum 1.5.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started