Help Desk Security Vulnerabilities
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
9.1CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
8.6CVSS
7.6AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
10CVSS
9.3AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
9.8CVSS
9.8AI Score
0.001EPSS
Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPress Help Desk and Knowledge...
4.3CVSS
4.7AI Score
0.0004EPSS
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be.....
9.9CVSS
8.9AI Score
0.003EPSS
Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through...
8.8CVSS
8.7AI Score
0.001EPSS
The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting...
5.4CVSS
5.5AI Score
0.001EPSS
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their...
6.5CVSS
7AI Score
0.001EPSS
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message...
9CVSS
8.5AI Score
0.001EPSS
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory...
9.8CVSS
9.6AI Score
0.007EPSS
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message...
9.8CVSS
9.6AI Score
0.006EPSS
Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1...
8.8CVSS
8.8AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and...
5.8AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to...
5.7AI Score
0.007EPSS
Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new...
7.3AI Score
0.006EPSS
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of...
8.3AI Score
0.001EPSS
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search...
8.7AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR#...
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk...
5.3CVSS
5.1AI Score
0.001EPSS
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users...
6.8CVSS
6.6AI Score
0.0004EPSS
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the.....
7.5CVSS
7.7AI Score
0.001EPSS
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated...
9.8CVSS
9.6AI Score
0.002EPSS
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP....
5.3CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request...
5.4CVSS
5.6AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.001EPSS
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name...
5.4CVSS
5.1AI Score
0.001EPSS
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location...
5.4CVSS
5.2AI Score
0.001EPSS
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not...
6.5CVSS
6.5AI Score
0.01EPSS
8.8CVSS
8.7AI Score
0.001EPSS
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message...
5.4CVSS
5.2AI Score
0.001EPSS
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified...
6.2AI Score
0.005EPSS
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to...
8.8AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown;...
5.7AI Score
0.003EPSS
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct...
6.8AI Score
0.004EPSS
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch....
7.9AI Score
0.816EPSS
Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified...
8.6AI Score
0.004EPSS
Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for...
6.5AI Score
0.006EPSS
SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id...
8.8AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email...
6AI Score
0.025EPSS
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information...
8.7AI Score
0.002EPSS
Multiple cross-site scripting vulnerabilities in castnewPost.asp in Liberum Help Desk 0.97.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Email, (2) Title, or (3) Description...
6.4AI Score
0.003EPSS
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.asp or (2) print.asp or (3) edit parameter to...
9AI Score
0.003EPSS