EUVD-2025-198426
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...
PT-2025-47674
Name of the Vulnerable Software and Affected Versions: ELEX WordPress HelpDesk & Customer Ticketing System versions up to and including 3.3.1 Description: The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is susceptible to arbitrary file uploads. This is due to a lack of...
EUVD-2023-44427
Malicious code in bioql PyPI...
EUVD-2025-1950
Malicious code in bioql PyPI...
CVE-2025-0972
A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-0972 Zenvia Movidesk New Ticket cross site scripting
A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...
Zenvia Code Injection Vulnerability
Zenvia is a complete customer service software from Zenvia, Inc. A code injection vulnerability exists in Zenvia versions 25.01.22 and earlier, which stems from the parameter subject of the component New Ticket Handler that results in cross-site scripting...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...
CVE-2024-27476
CVE-2024-27476 affects Leantime 3.0.6 and is reported as an HTML Injection vulnerability exposed via /dashboard/show#/tickets/newTicket. The public records consistently describe an HTML injection path in the Tickets UI, with CVSSv3.1 metrics: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N, base score 4.7 (M...
PT-2024-21915 · Leantime · Leantime
Name of the Vulnerable Software and Affected Versions: Leantime version 3.0.6 Description: The issue allows for HTML Injection via the /dashboard/show/tickets/newTicket API endpoint. Recommendations: For Leantime version 3.0.6, update to a version that fixes this issue, however at the moment, the...
CVE-2023-49976
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customersupport/index.php?page=newticket...
Customer Support System 1.0 SQL Injection Vulnerability
Customer Support System version 1.0 suffers from a remote SQL injection vulnerability in /customersupport/ajax.php. Original discovery of SQL injection in this version is attributed to Ahmed Abbas in November of 2020. Exploit Title: Customer Support System 1.0 - Multiple SQL injection...
CVE-2023-3794
A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected is an unknown function of the file /chaincity/user/ticket/create of the component New Ticket Handler. The manipulation of the argument subject leads to cross site...
CVE-2023-3794 Bug Finder ChainCity Real Estate Investment Platform New Ticket create cross site scripting
A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected is an unknown function of the file /chaincity/user/ticket/create of the component New Ticket Handler. The manipulation of the argument subject leads to cross site...
CVE-2020-23647
CVE-2020-23647 is a documented XSS vulnerability affecting BoxBilling versions 4.19, 4.19.1, 4.20, and 4.21. The issue arises from the message field on the “submit new ticket” form, allowing remote attackers to execute arbitrary code in some contexts. The available connected sources consistently ...
Directory traversal
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket...