Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by DJ-Extensions.com
CVE-2025-60133 (GCVE-0-2025-60133)
Vulnerability from nvd – Published: 2025-09-26 08:31 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress PE Easy Slider Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DJ-Extensions.com PE Easy Slider pe-easy-slider allows Stored XSS.This issue affects PE Easy Slider: from n/a through <= 1.1.0.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DJ-Extensions.com | PE Easy Slider |
Affected:
0 , ≤ 1.1.0
(custom)
|
Date Public
2026-04-01 16:43
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T16:54:03.227337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T16:54:12.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "pe-easy-slider",
"product": "PE Easy Slider",
"vendor": "DJ-Extensions.com",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:43:34.056Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in DJ-Extensions.com PE Easy Slider pe-easy-slider allows Stored XSS.\u003cp\u003eThis issue affects PE Easy Slider: from n/a through \u003c= 1.1.0.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in DJ-Extensions.com PE Easy Slider pe-easy-slider allows Stored XSS.This issue affects PE Easy Slider: from n/a through \u003c= 1.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:55.418Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/pe-easy-slider/vulnerability/wordpress-pe-easy-slider-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress PE Easy Slider Plugin \u003c= 1.1.0 - Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-60133",
"datePublished": "2025-09-26T08:31:43.196Z",
"dateReserved": "2025-09-25T15:20:34.879Z",
"dateUpdated": "2026-04-28T16:13:55.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54474 (GCVE-0-2025-54474)
Vulnerability from nvd – Published: 2025-08-15 11:54 – Updated: 2025-08-15 12:57
VLAI
Title
Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla
Summary
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://dj-extensions.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dj-extensions.com | DJ-Classifieds component for Joomla |
Affected:
3.9.2-3.10.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:12:14.613994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:57:50.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_classifieds",
"product": "DJ-Classifieds component for Joomla",
"vendor": "dj-extensions.com",
"versions": [
{
"status": "affected",
"version": "3.9.2-3.10.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sebastian Je\u017c"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands."
}
],
"value": "A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T11:54:40.609Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://dj-extensions.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-54474",
"datePublished": "2025-08-15T11:54:40.609Z",
"dateReserved": "2025-07-23T11:16:48.711Z",
"dateUpdated": "2025-08-15T12:57:50.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54295 (GCVE-0-2025-54295)
Vulnerability from nvd – Published: 2025-07-23 11:15 – Updated: 2025-07-24 04:41
VLAI
Title
Extension - dj-extensions.com - Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla
Summary
A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://dj-extensions.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dj-extensions.com | DJ-Reviews component for Joomla |
Affected:
1.0-1.3.6
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:14:18.604575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T13:14:25.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_djreviews",
"product": "DJ-Reviews component for Joomla",
"vendor": "dj-extensions.com",
"versions": [
{
"status": "affected",
"version": "1.0-1.3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sebastian Je\u017c"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered."
}
],
"value": "A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T04:41:14.871Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://dj-extensions.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - dj-extensions.com - Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-54295",
"datePublished": "2025-07-23T11:15:23.575Z",
"dateReserved": "2025-07-18T09:19:28.941Z",
"dateUpdated": "2025-07-24T04:41:14.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-50127 (GCVE-0-2025-50127)
Vulnerability from nvd – Published: 2025-07-23 11:14 – Updated: 2025-07-24 04:41
VLAI
Title
Extension - dj-extensions.com - SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla
Summary
A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://dj-extensions.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dj-extensions.com | DJ-Flyer component for Joomla |
Affected:
1.0-3.2
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:17:54.692490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T13:17:59.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_djflyer",
"product": "DJ-Flyer component for Joomla",
"vendor": "dj-extensions.com",
"versions": [
{
"status": "affected",
"version": "1.0-3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sebastian Je\u017c"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands."
}
],
"value": "A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T04:41:07.051Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://dj-extensions.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - dj-extensions.com - SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-50127",
"datePublished": "2025-07-23T11:14:17.617Z",
"dateReserved": "2025-06-12T15:19:24.363Z",
"dateUpdated": "2025-07-24T04:41:07.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27183 (GCVE-0-2024-27183)
Vulnerability from nvd – Published: 2024-07-09 18:05 – Updated: 2025-03-18 04:33
VLAI
Title
Extension - dj-extensions.com - XSS vulnerability in DJ-HelpfulArticles component for Joomla 1.0.0-1.1.0
Summary
XSS vulnerability in DJ-HelpfulArticles component for Joomla.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://extensions.joomla.org/extension/dj-helpfu… | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dj-extensions.com | DJ-HelpfulArticles for Joomla |
Affected:
1.0.0-1.1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T17:17:01.912131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T18:38:03.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/dj-helpfularticles/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/dj-helpfularticles/",
"defaultStatus": "unaffected",
"packageName": "com_djhelpfularticles",
"product": "DJ-HelpfulArticles for Joomla",
"vendor": "dj-extensions.com",
"versions": [
{
"status": "affected",
"version": "1.0.0-1.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mateusz Lach"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "XSS vulnerability in DJ-HelpfulArticles component for Joomla."
}
],
"value": "XSS vulnerability in DJ-HelpfulArticles component for Joomla."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T04:33:57.625Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/dj-helpfularticles/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - dj-extensions.com - XSS vulnerability in DJ-HelpfulArticles component for Joomla 1.0.0-1.1.0",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2024-27183",
"datePublished": "2024-07-09T18:05:22.200Z",
"dateReserved": "2024-02-21T04:29:37.775Z",
"dateUpdated": "2025-03-18T04:33:57.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-60133 (GCVE-0-2025-60133)
Vulnerability from cvelistv5 – Published: 2025-09-26 08:31 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress PE Easy Slider Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DJ-Extensions.com PE Easy Slider pe-easy-slider allows Stored XSS.This issue affects PE Easy Slider: from n/a through <= 1.1.0.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DJ-Extensions.com | PE Easy Slider |
Affected:
0 , ≤ 1.1.0
(custom)
|
Date Public
2026-04-01 16:43
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T16:54:03.227337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T16:54:12.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "pe-easy-slider",
"product": "PE Easy Slider",
"vendor": "DJ-Extensions.com",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:43:34.056Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in DJ-Extensions.com PE Easy Slider pe-easy-slider allows Stored XSS.\u003cp\u003eThis issue affects PE Easy Slider: from n/a through \u003c= 1.1.0.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in DJ-Extensions.com PE Easy Slider pe-easy-slider allows Stored XSS.This issue affects PE Easy Slider: from n/a through \u003c= 1.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:55.418Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/pe-easy-slider/vulnerability/wordpress-pe-easy-slider-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress PE Easy Slider Plugin \u003c= 1.1.0 - Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-60133",
"datePublished": "2025-09-26T08:31:43.196Z",
"dateReserved": "2025-09-25T15:20:34.879Z",
"dateUpdated": "2026-04-28T16:13:55.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54474 (GCVE-0-2025-54474)
Vulnerability from cvelistv5 – Published: 2025-08-15 11:54 – Updated: 2025-08-15 12:57
VLAI
Title
Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla
Summary
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://dj-extensions.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dj-extensions.com | DJ-Classifieds component for Joomla |
Affected:
3.9.2-3.10.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:12:14.613994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:57:50.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_classifieds",
"product": "DJ-Classifieds component for Joomla",
"vendor": "dj-extensions.com",
"versions": [
{
"status": "affected",
"version": "3.9.2-3.10.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sebastian Je\u017c"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands."
}
],
"value": "A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T11:54:40.609Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://dj-extensions.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-54474",
"datePublished": "2025-08-15T11:54:40.609Z",
"dateReserved": "2025-07-23T11:16:48.711Z",
"dateUpdated": "2025-08-15T12:57:50.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54295 (GCVE-0-2025-54295)
Vulnerability from cvelistv5 – Published: 2025-07-23 11:15 – Updated: 2025-07-24 04:41
VLAI
Title
Extension - dj-extensions.com - Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla
Summary
A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://dj-extensions.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dj-extensions.com | DJ-Reviews component for Joomla |
Affected:
1.0-1.3.6
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:14:18.604575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T13:14:25.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_djreviews",
"product": "DJ-Reviews component for Joomla",
"vendor": "dj-extensions.com",
"versions": [
{
"status": "affected",
"version": "1.0-1.3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sebastian Je\u017c"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered."
}
],
"value": "A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T04:41:14.871Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://dj-extensions.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - dj-extensions.com - Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-54295",
"datePublished": "2025-07-23T11:15:23.575Z",
"dateReserved": "2025-07-18T09:19:28.941Z",
"dateUpdated": "2025-07-24T04:41:14.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-50127 (GCVE-0-2025-50127)
Vulnerability from cvelistv5 – Published: 2025-07-23 11:14 – Updated: 2025-07-24 04:41
VLAI
Title
Extension - dj-extensions.com - SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla
Summary
A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://dj-extensions.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dj-extensions.com | DJ-Flyer component for Joomla |
Affected:
1.0-3.2
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:17:54.692490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T13:17:59.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_djflyer",
"product": "DJ-Flyer component for Joomla",
"vendor": "dj-extensions.com",
"versions": [
{
"status": "affected",
"version": "1.0-3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sebastian Je\u017c"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands."
}
],
"value": "A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T04:41:07.051Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://dj-extensions.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - dj-extensions.com - SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-50127",
"datePublished": "2025-07-23T11:14:17.617Z",
"dateReserved": "2025-06-12T15:19:24.363Z",
"dateUpdated": "2025-07-24T04:41:07.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27183 (GCVE-0-2024-27183)
Vulnerability from cvelistv5 – Published: 2024-07-09 18:05 – Updated: 2025-03-18 04:33
VLAI
Title
Extension - dj-extensions.com - XSS vulnerability in DJ-HelpfulArticles component for Joomla 1.0.0-1.1.0
Summary
XSS vulnerability in DJ-HelpfulArticles component for Joomla.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://extensions.joomla.org/extension/dj-helpfu… | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dj-extensions.com | DJ-HelpfulArticles for Joomla |
Affected:
1.0.0-1.1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T17:17:01.912131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T18:38:03.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/dj-helpfularticles/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/dj-helpfularticles/",
"defaultStatus": "unaffected",
"packageName": "com_djhelpfularticles",
"product": "DJ-HelpfulArticles for Joomla",
"vendor": "dj-extensions.com",
"versions": [
{
"status": "affected",
"version": "1.0.0-1.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mateusz Lach"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "XSS vulnerability in DJ-HelpfulArticles component for Joomla."
}
],
"value": "XSS vulnerability in DJ-HelpfulArticles component for Joomla."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T04:33:57.625Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/dj-helpfularticles/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - dj-extensions.com - XSS vulnerability in DJ-HelpfulArticles component for Joomla 1.0.0-1.1.0",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2024-27183",
"datePublished": "2024-07-09T18:05:22.200Z",
"dateReserved": "2024-02-21T04:29:37.775Z",
"dateUpdated": "2025-03-18T04:33:57.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}