Vulnerabilities > Extensiondepot
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-14 | CVE-2010-4838 | SQL Injection vulnerability in Extensiondepot COM Jsupport 1.5.6 SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. | 6.0 |
2011-09-14 | CVE-2010-4837 | Cross-Site Scripting vulnerability in Extensiondepot COM Jsupport 1.5.6 Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. | 4.3 |