In Joomla component βJoomlatools - DOCman 3.5.13 (and likely most versions below)β are affected to an reflected Cross-Site Scripting (XSS) in an image upload function
[
{
"product": "DOCman",
"vendor": "Joomlatools",
"versions": [
{
"status": "affected",
"version": "<=3.5.13"
}
]
}
]