18 matches found
HTML Injection
github.com/abhinavxd/libredesk is vulnerable to stored HTML injection. The vulnerability is due to improper sanitization of user input in the contact notes feature, which allows an attacker to inject arbitrary HTML by manipulating the request and exploit it to perform phishing, CSRF-style actions...
SUSE CVE-2026-26957
Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...
GO-2026-4505 Libredesk has a SSRF Vulnerability in Webhooks in github.com/abhinavxd/libredesk
Libredesk has a SSRF Vulnerability in Webhooks in github.com/abhinavxd/libredesk...
CVE-2026-26957
Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...
Libredesk Code Issue Vulnerability
Libredesk is a user support platform developed by individual developer Abhinav Raut. Versions of Libredesk prior to 1.0.2-0.20260215211005-727213631ce6 contained code vulnerabilities. These vulnerabilities stemmed from unvalidated Webhook target URLs, which could allow the server to send HTTP requests to...
CVE-2026-26957
Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...
CVE-2026-26957 Libredesk has an SSRF Vulnerability via Webhooks
Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...
CVE-2026-26957 Libredesk has an SSRF Vulnerability via Webhooks
Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...
CVE-2026-26957
The CVE-2026-26957 entry is linked to a concrete SSRF vulnerability in the LibreDesk Webhooks module (an authenticated Application Admin could trigger server requests to internal destinations). Root causes identified: missing input validation (URLs allowed even if they resolve to private/loopback addres...
CVE-2026-26957 Libredesk has an SSRF Vulnerability via Webhooks
Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...
CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...
CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...
CVE-2025-68927
Libredesk prior to version 0.8.6-beta is vulnerable to stored HTML injection in the contact notes feature. Notes added via POST /api/v1/contacts/{id}/notes are wrapped in tags; removing the wrapper in transit allows attackers to inject arbitrary HTML (e.g., forms, images) that is stored and rend...
EUVD-2025-203846
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...
CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...
Libredesk Cross-Site Scripting Vulnerability
Libredesk is a user support platform by the individual developer Abhinav Raut. A cross-site scripting vulnerability exists in versions prior to Libredesk 0.8.6-beta, which stems from a stored HTML injection issue in the contact notes feature that could lead to phishing and CSRF attacks...
PT-2025-53612
Name of the Vulnerable Software and Affected Versions: Libredesk versions prior to 0.8.6-beta. Description: Libredesk is a self-hosted customer support desk application. A stored HTML injection issue exists in the contact notes feature. When adding notes through the POST /api/v1/contacts/id/notes...
GO-2025-4243 Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk
Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk...