2 results (0.007 seconds)

CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 4

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. Una vulnerabilidad de inyección SQL en el componente JSupport (com_jsupport) v1.5.6 para Joomla! permite ejecutar comandos SQL a usuarios remotos autenticados, con permisos de back-end publicos, a través del parámetro alpha en una accion (1) listTickets o (2) listFaqs en administrator/index.php. • https://www.exploit-db.com/exploits/15502 http://packetstormsecurity.org/files/view/95797/joomlajsupport-sql.txt http://secunia.com/advisories/42262 http://securityreason.com/securityalert/8379 http://www.exploit-db.com/exploits/15502 http://www.xenuser.org/documents/security/Joomla_com_jsupport_SQLi.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 3%CPEs: 2EXPL: 4

Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el componente JSupport (com_jsupport) v1.5.6 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro subject (campo de título) en una acción saveTicket a index2.php. • https://www.exploit-db.com/exploits/15501 http://packetstormsecurity.org/files/view/95796/joomlajsupport-xss.txt http://secunia.com/advisories/42262 http://securityreason.com/securityalert/8377 http://www.exploit-db.com/exploits/15501 http://www.xenuser.org/documents/security/Joomla_com_jsupport_XSS.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •