Cross-Site Request Forgery in JS Support Ticket for Joomla! Warnings for Users
CVE-2018-6007

8.8HIGH

Key Information:

Vendor: Joomsky
Status: Js Support Ticket
Vendor: CVE Published:; 29 January 2018

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the JS Support Ticket component version 1.1.0 for Joomla!. This vulnerability enables attackers to exploit the system by deceiving authenticated users into executing unauthorized actions, such as injecting malicious HTML or altering ticket information. The exploitation can lead to significant security risks if proper precautions are not adopted. Website administrators should ensure their systems are updated and review user permissions to mitigate potential threats.

References

https://www.exploit-db.com/exploits/43912/

exploitx_refsource_EXPLOIT-DB

https://packetstormsecurity.com/files/146135/Joomla-JS-Su...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2018
Vulnerability Reserved
Jan 22, 2018