3 matches found
CVE-2021-40925
Cross-site scripting XSS vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...
CVE-2021-40925
Cross-site scripting XSS vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...
CVE-2021-40925
CVE-2021-40925 is an XSS vulnerability in dompdf/dompdf/www/demo.php used by infaveo-helpdesk v1.11.0 and earlier. The issue arises from reflecting the $_SERVER["PHP_SELF"] parameter, enabling remote attackers to inject arbitrary script/HTML. Affected component: demo.php in the dompdf/dompdf pack...