40 matches found
CVE-2026-23756
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...
EUVD-2026-23908
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...
CVE-2026-23756
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...
CVE-2026-23756
GFI HelpDesk
CVE-2026-23756
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...
CVE-2026-23756 GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...
CVE-2026-23756 GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...
PT-2026-33814
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in Controller Step.InsertSubmit and EditSubmit before being rendered by View Step.RenderViewSteps. An authenticated staff member can injec...
GFI HelpDesk 安全漏洞
GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI in the United States. Versions of GFI HelpDesk prior to 4.99.9 contained a security vulnerability. This vulnerability stemmed from insufficient cleaning of the subject...
CVE-2026-5130
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...
CVE-2026-5130
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...
CVE-2026-5130 Debugger & Troubleshooter <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...
CVE-2026-5130 Debugger & Troubleshooter <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...
CVE-2026-5130
The PatchStack entry details an unauthenticated privilege escalation in the WordPress plugin Debugger & Troubleshooter (versions
WordPress plugin Debugger & Troubleshooter 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Malicious code in dns-troubleshoot-toolkit-xyz123 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98d7149f6ef706cf3aa58e9dbf0b206aec334710d6d960fc3d1336f7b67bd56e The package dns-troubleshoot-toolkit-xyz123 was found to contain malicious code. Source: ghsa-malware...
📄 SDiagnostics 10.0.22621.3527 UAC Bypass
SDiagnostics versions 10.0.22621.3527 and below suffer from a UAC bypass vulnerability. Exploit name: UAC Bypass SDiagnostic.exe Troubleshooter Exploit author: Juan Sacco https://exploitpack.com Description: SDiagnostics version 10.0.22621.3527 and prior is vulnerable to an UAC User Account Contr...
The vulnerability of the printer troubleshooting tool from Microsoft, which addresses errors in printer functionality due to insufficient input data verification, allows a perpetrator to execute arbitrary code.
The vulnerability of the Microsoft Printer Metadata Troubleshooter Tool relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2024-21325
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability...
CVE-2024-21325
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability...