CVE-2021-40925

2021-10-0116:15:07

Google

osv.dev

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER[“PHP_SELF”] parameter.

CPENameOperatorVersion
faveo-helpdeskeq1.9.4
faveo-helpdeskeq1.0.7.1
faveo-helpdeskeq1.0.7.5
faveo-helpdeskeq1.0.5.5
faveo-helpdeskeq1.9.3
faveo-helpdeskeq1.0.7.6
faveo-helpdeskeq1.0.6.4
faveo-helpdeskeq1.0.1
faveo-helpdeskeq1.0.3.1
faveo-helpdeskeq1.0.5.4

Name	Operator	Version
faveo-helpdesk	eq	1.9.4
faveo-helpdesk	eq	1.0.7.1
faveo-helpdesk	eq	1.0.7.5
faveo-helpdesk	eq	1.0.5.5
faveo-helpdesk	eq	1.9.3
faveo-helpdesk	eq	1.0.7.6
faveo-helpdesk	eq	1.0.6.4
faveo-helpdesk	eq	1.0.1
faveo-helpdesk	eq	1.0.3.1
faveo-helpdesk	eq	1.0.5.4