CVE-2015-4072

low-risk
Published 2017-09-20

Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.

Do I need to act?

-
0.44% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
37666
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Helpdesk Pro Project

References (8)

Exploit http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclos...
Exploit http://seclists.org/fulldisclosure/2015/Jul/102
Exploit http://www.securityfocus.com/bid/75971
Exploit https://www.exploit-db.com/exploits/37666/
Exploit http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclos...
Exploit http://seclists.org/fulldisclosure/2015/Jul/102
Exploit http://www.securityfocus.com/bid/75971
Exploit https://www.exploit-db.com/exploits/37666/
28
/ 100
low-risk
Severity 21/34 · High
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal