Vulnerabilities > Helpdesk PRO Project > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-20 | CVE-2015-4072 | Cross-site Scripting vulnerability in Helpdesk PRO Project Helpdesk PRO Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message. | 5.4 |
| 2017-08-18 | CVE-2015-4071 | Information Exposure vulnerability in Helpdesk PRO Project Helpdesk PRO The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}. | 5.3 |