CVE-2015-4072

Опубликовано: 20 сент. 2017

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.

Ссылки

http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jul/102
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/75971
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/37666/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jul/102
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/75971
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/37666/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:helpdesk_pro_project:helpdesk_pro:*:*:*:*:*:joomla\!:*:*

Версия до 1.3.0 (включая)

EPSS

Процентиль: 63%

0.00444

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rr7m-7wg8-92f3