Lucene search

K
nvd[email protected]NVD:CVE-2024-27125
HistorySep 06, 2024 - 5:15 p.m.

CVE-2024-27125

2024-09-0617:15:14
CWE-79
web.nvd.nist.gov
cross-site scripting
helpdesk
vulnerability
authenticated administrators
malicious code
network
patch

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0

Percentile

14.7%

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.

We have already fixed the vulnerability in the following version:
Helpdesk 3.3.1 and later

Affected configurations

Nvd
Node
qnaphelpdeskRange<3.3.1
VendorProductVersionCPE
qnaphelpdesk*cpe:2.3:a:qnap:helpdesk:*:*:*:*:*:*:*:*

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0

Percentile

14.7%

Related for NVD:CVE-2024-27125