
15 matches found

CNNVD
added 2026/02/03 12:0 a.m. · 9 views

Zendesk SweetHawk Survey Cross-Site Scripting Vulnerability

Zendesk SweetHawk Survey is a satisfaction survey plugin developed by Zendesk, a Japanese company. Version 1.6 of Zendesk SweetHawk Survey contains a cross-site scripting vulnerability. This vulnerability stems from a stored cross-site scripting issue in the ticket submission feature, whic...

6.4 CVSS · 5.8 AI score · 0.00239 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2026/01/16 4:44 a.m. · 3 views

CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...

6.5 CVSS · 5.4 AI score · 0.00363 EPSS
Exploits: 0 · References: 6
OSSF Malicious Packages
added 2025/10/30 5:38 p.m. · 3 views

Malicious code in epic-support-ticket-submission (npm)

Source: amazon-inspector (2e1aadf77aabef022ef6f63fdd070af2c4e7e3be0cc3647840c5ba1e988fdfe6). The package epic-support-ticket-submission was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/10/30 5:38 p.m. · 2 views

MAL-2025-49194 Malicious code in epic-support-ticket-submission (npm)

Source: amazon-inspector (2e1aadf77aabef022ef6f63fdd070af2c4e7e3be0cc3647840c5ba1e988fdfe6). The package epic-support-ticket-submission was found to contain malicious code...

7 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2011-4964

Malware in sbrugna...

7.5 CVSS · 6.2 AI score · 0.023 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-50613

Malicious code in bioql PyPI...

5.3 CVSS · 6.6 AI score · 0.00361 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 3:47 p.m. · 5 views

CVE-2020-23647

Cross-Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form...

6.1 CVSS · 6.3 AI score · 0.00514 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 4:48 a.m. · 6 views

CVE-2011-5061

functions.php in WHMCompleteSolution WHMCS 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field...

7.5 CVSS · 7.7 AI score · 0.023 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/04 12:0 a.m. · 3 views

PT-2024-17449 · Issuetrak · Issuetrak

Name of the Vulnerable Software and Affected Versions: Issuetrak version 17.1
Description: A hidden field manipulation issue was identified that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and modified by using a proxy...

5.3 CVSS · 6.7 AI score · 0.00361 EPSS
Exploits: 0 · References: 5
OSV
added 2024/03/11 10:15 p.m. · 5 views

CVE-2024-25854

Cross-Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket...

6.1 CVSS · 6 AI score · 0.00309 EPSS
Exploits: 0 · References: 1
wpexploit
added 2023/10/16 12:0 a.m. · 194 views

Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion

Description: The plugin does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.
1. Visit Tickets Settings File Upload
2. Ensure "Enable File Upload", "Enable drag-n-drop uploader for ticket form", and "Check this t...

8.1 CVSS · 6.7 AI score · 0.0066 EPSS
Exploits: 2
Positive Technologies
added 2023/05/20 12:0 a.m. · 6 views

PT-2023-20975 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8
Description: The issue is due to a missing capability check on the submit ticket function, allowing authenticated attackers to create a support ticket that sends the...

4.3 CVSS · 5.3 AI score · 0.00561 EPSS
Exploits: 0 · References: 7
Huntr
added 2021/06/15 8:7 a.m. · 8 views

Improper Privilege Management in polonel/trudesk

💥 BUG external user can submit ticket even when it's disabled 💥 SUMMARY external user can submit ticket even when it's disabled 💥 STEP TO REPRODUCE 1. First from admin account go to settings--tickets and disallow Allow public tickets. So, external user can't create ticket using url...

0.3 AI score
Exploits: 0
Cvelist
added 2012/09/06 9:0 p.m. · 21 views

CVE-2012-4872

Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description...

5.8 AI score · 0.01284 EPSS
Exploits: 0 · References: 6
0day.today
added 2012/04/10 12:0 a.m. · 378 views

Simple Help Desk Remote Upload Vulnerability

Exploit for php platform in category web applications Author : L3b-r1'z Title : Simple Help Desk Remote Upload Vulnerability Email : email protected Site : Sec4Leb.Com Download : http://simplehelpdesk.com/helpdeskfinal.zip Dork : allintitle: "Help Desk - Log In" Upload Vuln + P0c : First Register...

7.1 AI score
Exploits: 0