Help Security Vulnerabilities

cve

CVE-2024-31273

Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...

5.3 CVSS

5.3 AI Score

0.0004 EPSS

2024-06-09 12:15 PM
25
cve

CVE-2023-25444

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...

9.1 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-17 07:15 AM
24
cve

CVE-2022-47151

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...

8.6 CVSS

7.6 AI Score

0.0004 EPSS

2024-04-17 11:15 AM
25
cve

CVE-2022-46839

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...

10 CVSS

9.3 AI Score

0.001 EPSS

2024-01-05 11:15 AM
14
cve

CVE-2023-50839

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...

9.8 CVSS

9.8 AI Score

0.001 EPSS

2023-12-28 08:16 PM
18
cve

CVE-2023-37890

Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers. This issue affects KB Support – WordPress Help Desk and Knowledge...

4.3 CVSS

4.7 AI Score

0.0004 EPSS

2023-11-30 04:15 PM
28
cve

CVE-2021-43609

An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be.....

9.9 CVSS

8.9 AI Score

0.003 EPSS

2023-11-09 12:15 AM
30
cve

CVE-2023-23679

Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2023-06-23 03:15 PM
20
cve

CVE-2023-1019

The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting...

5.4 CVSS

5.5 AI Score

0.001 EPSS

2023-05-15 01:15 PM
20
cve

CVE-2023-1125

The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their...

6.5 CVSS

7 AI Score

0.001 EPSS

2023-05-02 08:15 AM
27
cve

CVE-2021-33351

Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalate privileges via a crafted payload in the ticket message...

9 CVSS

8.5 AI Score

0.001 EPSS

2023-03-08 10:15 PM
11
cve

CVE-2021-33353

Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory...

9.8 CVSS

9.6 AI Score

0.007 EPSS

2023-03-08 10:15 PM
12
cve

CVE-2021-33352

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message...

9.8 CVSS

9.6 AI Score

0.006 EPSS

2023-03-08 10:15 PM
18
cve

CVE-2022-46842

Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2023-02-02 09:22 PM
20
cve

CVE-2022-44575

A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-12-13 04:15 PM
28
cve

CVE-2009-0303

Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and...

5.8 AI Score

0.001 EPSS

2022-10-03 04:24 PM
29
cve

CVE-2009-4047

Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to...

5.7 AI Score

0.007 EPSS

2022-10-03 04:24 PM
26
cve

CVE-2005-4025

Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new...

7.3 AI Score

0.006 EPSS

2022-10-03 04:22 PM
18
cve

CVE-2005-1673

Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid...

7.4 AI Score

0.001 EPSS

2022-10-03 04:22 PM
22
cve

CVE-2005-1674

Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to...

6.5 CVSS

6.5 AI Score

0.002 EPSS

2022-10-03 04:22 PM
27
cve

CVE-2010-0333

SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...

8.7 AI Score

0.001 EPSS

2022-10-03 04:21 PM
18
cve

CVE-2011-5155

Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of.....

6.7 AI Score

0.0004 EPSS

2022-10-03 04:15 PM
18
cve

CVE-2013-3578

SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of...

8.3 AI Score

0.001 EPSS

2022-10-03 04:14 PM
20
cve

CVE-2013-3577

SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search...

8.7 AI Score

0.001 EPSS

2022-10-03 04:14 PM
26
cve

CVE-2022-40324

SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR#...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-09-11 09:15 PM
27
21
cve

CVE-2022-40325

SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR#...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-09-11 09:15 PM
22
23
cve

CVE-2022-40323

SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR#...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-09-11 09:15 PM
16
20
cve

CVE-2022-40322

SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2022-09-11 09:15 PM
26
21
cve

CVE-2020-28445

This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion()...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-07-25 02:15 PM
22
3
cve

CVE-2021-3898

Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an...

6.8 CVSS

6.4 AI Score

0.001 EPSS

2022-04-22 09:15 PM
48
cve

CVE-2021-35251

Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk...

5.3 CVSS

5.1 AI Score

0.001 EPSS

2022-03-10 05:42 PM
64
cve

CVE-2021-35232

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users...

6.8 CVSS

6.6 AI Score

0.0004 EPSS

2021-12-27 07:15 PM
36
cve

CVE-2021-35243

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the.....

7.5 CVSS

7.7 AI Score

0.001 EPSS

2021-12-23 08:15 PM
31
cve

CVE-2021-24741

The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2021-09-20 10:15 AM
34
cve

CVE-2021-32076

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP....

5.3 CVSS

5.2 AI Score

0.001 EPSS

2021-08-26 03:15 PM
29
cve

CVE-2021-20741

Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified.....

6.1 CVSS

6 AI Score

0.001 EPSS

2021-06-22 02:15 AM
50
2
cve

CVE-2021-24212

The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in...

9.8 CVSS

9.4 AI Score

0.003 EPSS

2021-04-05 07:15 PM
30
2
cve

CVE-2019-16961

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2021-01-15 02:15 PM
30
1
cve

CVE-2019-16954

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request...

5.4 CVSS

5.6 AI Score

0.001 EPSS

2021-01-06 05:15 PM
16
cve

CVE-2019-16956

SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2021-01-04 08:15 AM
178
4
cve

CVE-2019-16960

SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2021-01-04 08:15 AM
53
cve

CVE-2019-16958

Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2020-12-01 06:15 PM
26
cve

CVE-2020-14723

Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Help...

8.2 CVSS

8.3 AI Score

0.003 EPSS

2020-07-15 06:15 PM
17
cve

CVE-2013-2625

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not...

6.5 CVSS

6.5 AI Score

0.01 EPSS

2019-11-27 07:15 PM
51
cve

CVE-2018-21002

The js-support-ticket plugin before 2.0.6 for WordPress has...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2019-08-27 12:15 PM
28
cve

CVE-2017-18542

The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS...

6.1 CVSS

6 AI Score

0.002 EPSS

2019-08-16 09:15 PM
358
cve

CVE-2018-18373

In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2018-10-17 02:29 PM
21
cve

CVE-2018-9067

The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2018-07-13 04:29 PM
24
cve

CVE-2018-13486

The mintToken function of a smart contract implementation for HELP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2018-07-09 06:29 AM
20
cve

CVE-2017-3776

Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this...

7.5 CVSS

7.2 AI Score

0.002 EPSS

2018-04-19 02:29 PM
27
Total number of security vulnerabilities: 91