5 matches found
FreeScout Access Control Error Vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. FreeScout versions 1.8.208 and earlier contained an access control vulnerability. This vulnerability stemmed from defects in access control mechanisms, allowing...
Improper Input Validation
prestashop/prestashop is vulnerable to Improper Input Validation. The vulnerability exists in the delete function at CustomerMessage.php because the file input is not properly handled, which allows an attacker to delete an arbitrary file...
PT-2023-27001 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.1 Description: The issue allows deletion of files from the server via the CustomerMessage API. There are no known workarounds for this problem. Recommendations: For versions prior to 8.1.1, update to version...
CVE-2020-1767
CVE-2020-1767 affects OTRS Community Edition 6.0.x (up to 6.0.24) and OTRS 7.0.x (up to 7.0.13). Description: Agent A can save a draft; Agent B can open it, modify the text, and send it as Agent A, so customers see a message sent by the original agent. Debian/Nessus advisories indicate patches: u...
Cross-Site Scripting (XSS)
woocommerce is vulnerable to cross-site scripting (XSS) attacks. The attacks can be launched because class-wc-admin-post-types.php does not sanitize the customermessage string...