Published: 20/09/2017 Updated: 22/09/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin prior to 1.4.0 for Joomla! allow remote malicious users to inject arbitrary web script or HTML via vectors related to name and message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
helpdesk pro project helpdesk pro

Document Title ============== Joomla! plugin Helpdesk Pro < 140 Reported By =========== Simon Rawet from Outpost24 Kristian Varnai from Outpost24 Gregor Mynarsky from Outpost24 wwwoutpost24com/ For full details, see; wwwoutpost24com/outpost24-has-found-critical-vulnerabilities-in-joomla-helpdesk-pro/ Tested on ========= ...

Joomla Helpdesk Pro versions prior to 140 suffers from cross site scripting, local file disclosure, remote file upload, remote SQL injection, and insecure direct object reference vulnerabilities ...

CWE-79 https://www.exploit-db.com/exploits/37666/http://www.securityfocus.com/bid/75971 http://seclists.org/fulldisclosure/2015/Jul/102 http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html https://nvd.nist.gov https://www.exploit-db.com/exploits/37666/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-4072

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect