EUVD-2023-1033

Malicious code in bioql PyPI...

EUVD-2023-41517

Malicious code in bioql PyPI...

CVE-2023-37635

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

CVE-2023-1197

Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...

CVE-2024-3137

Improper Privilege Management in uvdesk/community-skeleton...

CVE-2024-3137

Improper Privilege Management in uvdesk/community-skeleton...

CVE-2024-3137 Improper Privilege Management in uvdesk/community-skeleton

Improper Privilege Management in uvdesk/community-skeleton...

CVE-2024-3137

CVE-2024-3137 affects uvdesk/community-skeleton. The issue is described as improper privilege management arising from inadequate access controls. According to the entry, the vulnerability has a CVSSv3 base score of 7.1 (HIGH): network attack vector, low attack complexity, privileges required: LOW...

community-skeleton 安全漏洞

community-skeleton is a service-oriented, event-driven, extensible open source helpdesk system. A security vulnerability exists in uvdesk community-skeleton that stems from improper privilege management...

PT-2024-24015 · Unknown · Uvdesk Community Skeleton

Name of the Vulnerable Software and Affected Versions: uvdesk/community-skeleton affected versions not specified Description: The issue concerns improper privilege management. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

CVE-2023-37636

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

CVE-2023-37635

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

CVE-2023-37636

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

CVE-2023-37635

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

CVE-2023-37635

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

Cross site scripting

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

Code injection

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

CVE-2023-37635

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...

CVE-2023-37636

A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

CVE-2023-37636

CVE-2023-37636 concerns UVDesk Community Skeleton v1.1.1, with a stored XSS vulnerability in the Message field used when creating a ticket. The issue allows attackers to inject arbitrary web scripts/HTML, potentially affecting users who view crafted tickets. The primary technical detail across so...