Lucene search
K

111 matches found

NVD
NVD
added 2022/04/11 7:15 a.m.22 views

CVE-2022-1045

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0...

9CVSS0.01561EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/11 7:15 a.m.7 views

CVE-2022-1045

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0...

9CVSS6.8AI score0.01561EPSS
Exploits1References3
Prion
Prion
added 2022/04/11 7:15 a.m.19 views

Cross site scripting

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0...

3.5CVSS5.3AI score0.01561EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/04/11 6:15 a.m.76 views

CVE-2022-1045

The CVE-2022-1045 entry relates to a Stored XSS in GitHub polonel/trudesk prior to v1.2.0, caused by insufficient filtering/escaping in the SVG file upload function. Affected component: Trudesk (SVG upload logic). Impact described in connected sources includes the ability for an attacker to injec...

9CVSS5.8AI score0.01561EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/04/11 6:15 a.m.30 views

CVE-2022-1045 Stored XSS viva .svg file upload in polonel/trudesk

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0...

9CVSS5.5AI score0.01561EPSS
Exploits1References2
OSV
OSV
added 2022/04/10 3:50 p.m.30 views

CVE-2022-1290 Stored XSS in "Name", "Group Name" & "Title" in polonel/trudesk

Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...

9CVSS7.4AI score0.01627EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/04/10 3:50 p.m.28 views

CVE-2022-1290 Stored XSS in "Name", "Group Name" & "Title" in polonel/trudesk

Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...

9CVSS5.6AI score0.01627EPSS
Exploits1References2
CVE
CVE
added 2022/04/10 3:50 p.m.90 views

CVE-2022-1290

CVE-2022-1290 relates to a Stored XSS in Polonel® Trudesk prior to v1.2.0, where malicious scripts could be stored in the Name, Group Name, and Title fields in the GitHub repo polonel/trudesk. The underlying issue enables an attacker to execute scripts in a user’s browser, with potential session ...

9CVSS5.9AI score0.01627EPSS
Exploits1References2Affected Software1
Huntr
Huntr
added 2021/12/21 5:58 a.m.20 views

Cross-Site Request Forgery (CSRF) in polonel/trudesk

Description There is a CSRF vulnerability which would allow an attacker to restart the server by simply having a victim with the appropriate privileges visit an attacker's crafted webpage. The vulnerability exists when performing a GET request to the /api/v1/admin/restart endpoint There is also...

1AI score
Exploits0
Huntr
Huntr
added 2021/06/15 8:7 a.m.8 views

Improper Privilege Management in polonel/trudesk

💥 BUG external user can submit ticket even when its disabled 💥 SUMMURY external user can submit ticket even when its disabled 💥 STEP TO REPRODUCE 1. First from admin account goto settings--tickets and disallow Allow public tickets .\ So, external user cant create ticket using url...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/06/14 6:15 a.m.29 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

💥 BUG Stored xss bug using file upload against admin . 💥 SUMMURY Here trudesk only allow to upload image file but it can be bypassed and attacker can upload html file . As html file can serve any javascript code ,so attacker can execute any javascript code in vicitm trudesk account . 💥 IMPACT low...

0.2AI score
Exploits0
Rows per page
Query Builder