CVE-2010-4837
com_jsupport 1.5.6 - Cross-Site Scripting via Subject Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-4837. PoCs published by Valentin.
AI-analyzed exploit summary This is a writeup describing a critical XSS vulnerability in the Joomla component com_jsupport version 1.5.6. The vulnerability allows arbitrary HTML and JavaScript injection into the ticket title field, which executes when viewed in the admin panel or website.
Description
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information.
Exploits (1)
This is a writeup describing a critical XSS vulnerability in the Joomla component com_jsupport version 1.5.6. The vulnerability allows arbitrary HTML and JavaScript injection into the ticket title field, which executes when viewed in the admin panel or website.