15 matches found
Zendesk SweetHawk Survey Cross-Site Scripting Vulnerability
Zendesk SweetHawk Survey is a satisfaction survey plugin developed by Zendesk, a Japanese company. Version 1.6 of Zendesk SweetHawk Survey contains a cross-site scripting vulnerability. This vulnerability stems from a stored cross-site scripting issue in the ticket submission feature, whic...
CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion
The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...
Malicious code in epic-support-ticket-submission (npm)
Source: amazon-inspector 2e1aadf77aabef022ef6f63fdd070af2c4e7e3be0cc3647840c5ba1e988fdfe6 The package epic-support-ticket-submission was found to contain malicious code...
MAL-2025-49194 Malicious code in epic-support-ticket-submission (npm)
Source: amazon-inspector 2e1aadf77aabef022ef6f63fdd070af2c4e7e3be0cc3647840c5ba1e988fdfe6 The package epic-support-ticket-submission was found to contain malicious code...
EUVD-2011-4964
Malware in sbrugna...
EUVD-2024-50613
Malicious code in bioql PyPI...
CVE-2020-23647
Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form...
CVE-2011-5061
functions.php in WHMCompleteSolution WHMCS 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field...
PT-2024-17449 · Issuetrak · Issuetrak
Name of the Vulnerable Software and Affected Versions: Issuetrak version 17.1 Description: A hidden field manipulation issue was identified that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and modified by using a proxy...
CVE-2024-25854
Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket...
Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion
Description The plugin does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. 1. Visit Tickets Settings File Upload 2. Ensure "Enable File Upload", "Enable drag-n-drop uploader for ticket form", and "Check this t...
PT-2023-20975 · WordPress · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to a missing capability check on the submit ticket function, allowing authenticated attackers to create a support ticket that sends the...
Improper Privilege Management in polonel/trudesk
💥 BUG external user can submit ticket even when it's disabled 💥 SUMMARY external user can submit ticket even when it's disabled 💥 STEP TO REPRODUCE 1. First from admin account go to settings--tickets and disallow Allow public tickets. So, external user can't create ticket using url...
CVE-2012-4872
Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description...
Simple Help Desk Remote Upload Vulnerability
Exploit for php platform in category web applications Author : L3b-r1'z Title : Simple Help Desk Remote Upload Vulnerability Email : email protected Site : Sec4Leb.Com Download : http://simplehelpdesk.com/helpdeskfinal.zip Dork : allintitle: "Help Desk - Log In" Upload Vuln + P0c : First Register...