WordPress plugin ELEX WordPress HelpDesk & Customer Ticketing System 代码问题漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in WordPress...

CVE-2022-40322

SysAid Help Desk before 22.1.65 allows XSS, aka FR 66542 and 65579...

CVE-2022-40324

SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR 67258...

CVE-2022-40325

SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR 67262...

CVE-2022-44575

A vulnerability has been identified in PLM Help Server V4.2 All versions. A reflected cross-site scripting XSS vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link...

CVE-2021-43609

An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the orderbyforticket function in app/models/reporting/databasequery.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be...

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery CSRF attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...

CVE-2021-33351

Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field...

CVE-2021-35240

A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'...

CVE-2021-24212

The WooCommerce Help Scout WordPress plugin before 2.9.1 https://woocommerce.com/products/woocommerce-help-scout/ allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp...

CVE-2021-29267

Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting XSS by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature...

CVE-2020-25119

The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual...

CVE-2013-3577

SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server ERAS allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter aka the search field...

CVE-2025-3444

Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion LFI in the Admin module, where help card content is loaded...

CVE-2019-16957

SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account...

CVE-2019-3027

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Login Help. Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application...

CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...

CVE-2019-16956

SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket...

CVE-2012-0366

Cisco Unity Connection before 7.1.3bSu2 allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141...

CVE-2017-12586

SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users...