Vulnerability List (VEL) Reporting Form

We accept reports of security vulnerabilities for Joomla and Joomla extensions. If you believe you have found a security vulnerability in Joomla or in an extension, please complete the following form. As our vulnerability policy explains, we may send or attempt to contact the developer of the extension.

Note that we do not coordinate or publish every report we receive. We request that you please make a reasonable attempt to contact the affected developer. If the vulnerability you are reporting is already public, please provide the CERT or other vulnerability database number and indicate which vulnerability database the public report is from.

For additional information about the fields in this form, refer to the instructions. If you have any problems, please contact us.

Please provide as much information as you can. Incomplete or incorrect information may delay out investigation. When you are finished, submit your report using the button at the end of the form.

Information with a (*) is required.

Full Name(*)
Please enter your name.

E--mail(*)
Invalid email address.

Organization


Select one of the following 3 choices:
Are the Joomla core files affected by the vulnerability?(*)
Invalid Input

If you are reporting an extension that alters Joomla Core files, please select NO then enter the 3rd Party extension details If the exploit directly affects Joomla core, please select YES

List affected Joomla versions.
Invalid Input

Is the vulnerability in a 3rd party extension?(*)
Invalid Input

Affected 3rd party extension name,
Invalid Input

Affected 3rd party extension version.
Invalid Characters Input

Is the vulnerability in a 3rd party template?(*)
Invalid Input

Affected 3rd party template name
Invalid Input

Affected 3rd party template version
Invalid Input


Exploit Type(*)
Invalid Input

Enter description for other Exploit Type
Invalid Input

Vulnerability Description

Please describe the vulnerability. Be as specific in detail as you can.

This description is required(*)

Invalid Input


How did you find the vulnerability? Please note any specific tools or techniques used.(*)
Invalid Input


Is the vulnerability being activly exploited?(*)
Invalid Input


Is the exploit publicly available?(*)
Invalid Input

Enter the URL of website where exploit is publically available
Invalid URL was Input

Impact of Exploiting this Vulnerability

Describe the specific impact of the exploit and how it would be used in an attack scenario(*)
Invalid Input

Developer Communication


Before submitting this report, please make a reasonable attempt to contact the affected developer via the developers website. If you choose not to try to contact the developer, we may lower the priority of your report.

Which of the following best describes your communication with the developer?
Invalid Input

Please enter the URL to the update or patch.
Invalid URL was Input


Who is the developer of the product that contains the vulnerability? If you have already contacted the developer regarding this problem, please share the developers contact information and any CERT or other vulnerability database tracking numbers with us. Indicate which vulnerability tracking database the number relates to.

Developer Name
Invalid Input

Developer Contact E-Mail
Invalid Input

JED URL
Invalid Input

Url on the Joomla Extensions Directory

Tracking Database name if any
Invalid Input

Database Tracking ID number if any
Invalid Input

Additional Developer Information

Provide any additional information about the developer, and any communications with the them.
Invalid Input

Location of File

Download url
Invalid Input

a link to download the zip , please ensure it is available without restriction

Recatcha
Invalid Input