CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 4CVE-2010-4837 – Joomla! Component JSupport 1.5.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4837
13 Sep 2011 — Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el componente JSupport (com_jsupport) v1.5.6 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML... • https://www.exploit-db.com/exploits/15501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 4CVE-2010-4838 – Joomla! Component JSupport 1.5.6 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4838
13 Sep 2011 — SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. Una vulnerabilidad de inyección SQL en el componente JSupport (com_jsupport) v1.5.6 para Joomla! permite ejecutar comandos SQL a usuarios remotos autenticados, con permisos de back-end publicos, a través del parámetro alpha en... • https://www.exploit-db.com/exploits/15502 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •