111 matches found
CVE-2022-1045
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0...
CVE-2022-1045
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0...
Cross site scripting
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0...
CVE-2022-1045
The CVE-2022-1045 entry relates to a Stored XSS in GitHub polonel/trudesk prior to v1.2.0, caused by insufficient filtering/escaping in the SVG file upload function. Affected component: Trudesk (SVG upload logic). Impact described in connected sources includes the ability for an attacker to injec...
CVE-2022-1045 Stored XSS viva .svg file upload in polonel/trudesk
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0...
CVE-2022-1290 Stored XSS in "Name", "Group Name" & "Title" in polonel/trudesk
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
CVE-2022-1290 Stored XSS in "Name", "Group Name" & "Title" in polonel/trudesk
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
CVE-2022-1290
CVE-2022-1290 relates to a Stored XSS in Polonel® Trudesk prior to v1.2.0, where malicious scripts could be stored in the Name, Group Name, and Title fields in the GitHub repo polonel/trudesk. The underlying issue enables an attacker to execute scripts in a user’s browser, with potential session ...
Cross-Site Request Forgery (CSRF) in polonel/trudesk
Description There is a CSRF vulnerability which would allow an attacker to restart the server by simply having a victim with the appropriate privileges visit an attacker's crafted webpage. The vulnerability exists when performing a GET request to the /api/v1/admin/restart endpoint There is also...
Improper Privilege Management in polonel/trudesk
💥 BUG external user can submit ticket even when its disabled 💥 SUMMURY external user can submit ticket even when its disabled 💥 STEP TO REPRODUCE 1. First from admin account goto settings--tickets and disallow Allow public tickets .\ So, external user cant create ticket using url...
Cross-site Scripting (XSS) - Stored in polonel/trudesk
💥 BUG Stored xss bug using file upload against admin . 💥 SUMMURY Here trudesk only allow to upload image file but it can be bypassed and attacker can upload html file . As html file can serve any javascript code ,so attacker can execute any javascript code in vicitm trudesk account . 💥 IMPACT low...