Описание
Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.
Ссылки
- ExploitThird Party Advisory
- Product
- ExploitThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:uvdesk:community-skeleton:1.1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 28%
0.00099
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 3 года назад
Uvdesk vulnerable to stored cross-site scripting (XSS)
EPSS
Процентиль: 28%
0.00099
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79