Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by rockettheme
CVE-2024-9382 (GCVE-0-2024-9382)
Vulnerability from cvelistv5 – Published: 2024-10-18 04:32 – Updated: 2026-04-08 17:26
VLAI
Title
Gantry 4 Framework <= 4.1.21 - Reflected Cross-Site Scripting
Summary
The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'override_id' parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| gantry | Gantry 4 Framework |
Affected:
0 , ≤ 4.1.21
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T16:36:07.126464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T16:36:14.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gantry 4 Framework",
"vendor": "gantry",
"versions": [
{
"lessThanOrEqual": "4.1.21",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "vgo0"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027override_id\u0027 parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:26:01.323Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d539a066-6b59-4235-868e-f3085436e9f4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/gantry/trunk/admin_functions.php#L677"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-17T15:42:49.000Z",
"value": "Disclosed"
}
],
"title": "Gantry 4 Framework \u003c= 4.1.21 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9382",
"datePublished": "2024-10-18T04:32:56.291Z",
"dateReserved": "2024-09-30T21:12:54.912Z",
"dateUpdated": "2026-04-08T17:26:01.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2010-1479 (GCVE-0-2010-1479)
Vulnerability from cvelistv5 – Published: 2010-04-19 19:04 – Updated: 2024-08-07 01:28
VLAI
Summary
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39255 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/39378 | vdb-entryx_refsource_BID |
| http://www.rockettheme.com/extensions-downloads/f… | x_refsource_CONFIRM |
| http://www.rockettheme.com/extensions-updates/673… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/12148 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/1004-exploits/joom… | x_refsource_MISC |
Date Public
2010-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39255"
},
{
"name": "39378",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39378"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name": "12148",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/12148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39255"
},
{
"name": "39378",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39378"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name": "12148",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/12148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39255"
},
{
"name": "39378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39378"
},
{
"name": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download",
"refsource": "CONFIRM",
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
},
{
"name": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released",
"refsource": "CONFIRM",
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name": "12148",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12148"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1479",
"datePublished": "2010-04-19T19:04:00.000Z",
"dateReserved": "2010-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:41.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1480 (GCVE-0-2010-1480)
Vulnerability from cvelistv5 – Published: 2010-04-19 19:04 – Updated: 2024-09-16 22:02
VLAI
Summary
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39255 | third-party-advisoryx_refsource_SECUNIA |
| http://www.rockettheme.com/extensions-updates/673… | x_refsource_MISC |
| http://www.rockettheme.com/extensions-downloads/f… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39255"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-19T19:04:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39255"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39255"
},
{
"name": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released",
"refsource": "MISC",
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download",
"refsource": "MISC",
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1480",
"datePublished": "2010-04-19T19:04:00.000Z",
"dateReserved": "2010-04-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:02:33.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1056 (GCVE-0-2010-1056)
Vulnerability from cvelistv5 – Published: 2010-03-23 17:00 – Updated: 2024-08-07 01:14
VLAI
Summary
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38982 | third-party-advisoryx_refsource_SECUNIA |
| http://packetstormsecurity.org/1003-exploits/joom… | x_refsource_MISC |
| http://www.securityfocus.com/bid/38741 | vdb-entryx_refsource_BID |
| http://osvdb.org/62972 | vdb-entryx_refsource_OSVDB |
| http://www.rockettheme.com/extensions-updates/638… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/11760 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:04.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38982"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt"
},
{
"name": "38741",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38741"
},
{
"name": "62972",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62972"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released"
},
{
"name": "11760",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11760"
},
{
"name": "rokdownloads-index-file-include(56898)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38982"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt"
},
{
"name": "38741",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38741"
},
{
"name": "62972",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62972"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released"
},
{
"name": "11760",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11760"
},
{
"name": "rokdownloads-index-file-include(56898)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38982"
},
{
"name": "http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt"
},
{
"name": "38741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38741"
},
{
"name": "62972",
"refsource": "OSVDB",
"url": "http://osvdb.org/62972"
},
{
"name": "http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released",
"refsource": "CONFIRM",
"url": "http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released"
},
{
"name": "11760",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11760"
},
{
"name": "rokdownloads-index-file-include(56898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1056",
"datePublished": "2010-03-23T17:00:00.000Z",
"dateReserved": "2010-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:14:04.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9382 (GCVE-0-2024-9382)
Vulnerability from nvd – Published: 2024-10-18 04:32 – Updated: 2026-04-08 17:26
VLAI
Title
Gantry 4 Framework <= 4.1.21 - Reflected Cross-Site Scripting
Summary
The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'override_id' parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| gantry | Gantry 4 Framework |
Affected:
0 , ≤ 4.1.21
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T16:36:07.126464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T16:36:14.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gantry 4 Framework",
"vendor": "gantry",
"versions": [
{
"lessThanOrEqual": "4.1.21",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "vgo0"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027override_id\u0027 parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:26:01.323Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d539a066-6b59-4235-868e-f3085436e9f4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/gantry/trunk/admin_functions.php#L677"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-17T15:42:49.000Z",
"value": "Disclosed"
}
],
"title": "Gantry 4 Framework \u003c= 4.1.21 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9382",
"datePublished": "2024-10-18T04:32:56.291Z",
"dateReserved": "2024-09-30T21:12:54.912Z",
"dateUpdated": "2026-04-08T17:26:01.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2010-1480 (GCVE-0-2010-1480)
Vulnerability from nvd – Published: 2010-04-19 19:04 – Updated: 2024-09-16 22:02
VLAI
Summary
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39255 | third-party-advisoryx_refsource_SECUNIA |
| http://www.rockettheme.com/extensions-updates/673… | x_refsource_MISC |
| http://www.rockettheme.com/extensions-downloads/f… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39255"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-19T19:04:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39255"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39255"
},
{
"name": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released",
"refsource": "MISC",
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download",
"refsource": "MISC",
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1480",
"datePublished": "2010-04-19T19:04:00.000Z",
"dateReserved": "2010-04-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:02:33.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1479 (GCVE-0-2010-1479)
Vulnerability from nvd – Published: 2010-04-19 19:04 – Updated: 2024-08-07 01:28
VLAI
Summary
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39255 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/39378 | vdb-entryx_refsource_BID |
| http://www.rockettheme.com/extensions-downloads/f… | x_refsource_CONFIRM |
| http://www.rockettheme.com/extensions-updates/673… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/12148 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/1004-exploits/joom… | x_refsource_MISC |
Date Public
2010-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39255"
},
{
"name": "39378",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39378"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name": "12148",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/12148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39255",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39255"
},
{
"name": "39378",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39378"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name": "12148",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/12148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39255"
},
{
"name": "39378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39378"
},
{
"name": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download",
"refsource": "CONFIRM",
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
},
{
"name": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released",
"refsource": "CONFIRM",
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name": "12148",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12148"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1479",
"datePublished": "2010-04-19T19:04:00.000Z",
"dateReserved": "2010-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:41.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1056 (GCVE-0-2010-1056)
Vulnerability from nvd – Published: 2010-03-23 17:00 – Updated: 2024-08-07 01:14
VLAI
Summary
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38982 | third-party-advisoryx_refsource_SECUNIA |
| http://packetstormsecurity.org/1003-exploits/joom… | x_refsource_MISC |
| http://www.securityfocus.com/bid/38741 | vdb-entryx_refsource_BID |
| http://osvdb.org/62972 | vdb-entryx_refsource_OSVDB |
| http://www.rockettheme.com/extensions-updates/638… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/11760 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:04.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38982"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt"
},
{
"name": "38741",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38741"
},
{
"name": "62972",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62972"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released"
},
{
"name": "11760",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11760"
},
{
"name": "rokdownloads-index-file-include(56898)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38982"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt"
},
{
"name": "38741",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38741"
},
{
"name": "62972",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62972"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released"
},
{
"name": "11760",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11760"
},
{
"name": "rokdownloads-index-file-include(56898)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38982"
},
{
"name": "http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt"
},
{
"name": "38741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38741"
},
{
"name": "62972",
"refsource": "OSVDB",
"url": "http://osvdb.org/62972"
},
{
"name": "http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released",
"refsource": "CONFIRM",
"url": "http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released"
},
{
"name": "11760",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11760"
},
{
"name": "rokdownloads-index-file-include(56898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1056",
"datePublished": "2010-03-23T17:00:00.000Z",
"dateReserved": "2010-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:14:04.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}