Lucene search
K

1163 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/20 5:30 p.m.6 views

CVE-2026-23758

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...

6.4CVSS5.9AI score0.00153EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 5:27 p.m.6 views

CVE-2026-23757 GFI HelpDesk < 4.99.10 Stored XSS via Reports Module

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/20 5:27 p.m.3 views

CVE-2026-23757

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/20 5:27 p.m.34 views

CVE-2026-23757 GFI HelpDesk < 4.99.10 Stored XSS via Reports Module

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

5.4CVSS0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/04/20 5:27 p.m.17 views

CVE-2026-23757

GFI HelpDesk

5.4CVSS5.7AI score0.00141EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

GFI HelpDesk 安全漏洞

GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI in the United States. Versions of GFI HelpDesk prior to 4.99.9 contained a security vulnerability. This vulnerability stemmed from insufficient cleaning of the subject...

5.4CVSS6AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

GFI HelpDesk 安全漏洞

GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.10 contained security vulnerabilities. These vulnerabilities stemmed from insufficient cleaning of the title parameter in the...

5.4CVSS6AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

GFI HelpDesk 安全漏洞

GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.9 contained security vulnerabilities. These vulnerabilities stemmed from insufficient cleaning of the charset POST parameter in...

4.8CVSS5.9AI score0.00151EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.13 views

PT-2026-33820

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

4.8CVSS5.8AI score0.00151EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.13 views

GFI HelpDesk 安全漏洞

GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.9 contained security vulnerabilities. These vulnerabilities stemmed from insufficient cleanup of the POST parameter in the ticke...

6.4CVSS6.1AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

GFI HelpDesk 安全漏洞

GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.9 contained security vulnerabilities. These vulnerabilities stemmed from insufficient cleaning of the companyname POST parameter...

4.8CVSS6AI score0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/17 12:31 a.m.5 views

EUVD-2024-55551

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References3
NVD
NVD
added 2026/04/16 11:16 p.m.5 views

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/16 10:27 p.m.18 views

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 10:27 p.m.7 views

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 10:27 p.m.8 views

CVE-2024-58343

CVE-2024-58343 affects Vision Helpdesk versions prior to 5.7.0, with a patch available in 5.6.10. The issue allows attackers to read user profiles by tampering serialized cookie data in vis_client_id. The CVSS v3.1 base score is 4.3 (MEDIUM) with network attack vector, low attack complexity, and ...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.11 views

Vision Helpdesk 安全漏洞

Vision Helpdesk is a customer service software developed by Vision Helpdesk Company in India. Versions of Vision Helpdesk prior to 5.7.0 contained security vulnerabilities, which were caused by improper handling of serialized cookie data. This vulnerability could lead to the reading of user...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.10 views

PT-2026-33372

CVE-2024-58343 Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to vis client id. https://t.co/8Cf7DKLrcr...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 6:20 p.m.4 views

EUVD-2026-20568

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, he REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data e.g., a group or organization supplied to be used in the AI prompt were not checked if they are accessible f...

5.3CVSS5.9AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:18 p.m.2 views

EUVD-2026-20566

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

5.3CVSS5.9AI score0.00169EPSS
Exploits0References1
Rows per page
Query Builder