11 matches found
EUVD-2026-23910
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...
CVE-2026-23758
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...
CVE-2026-23758 GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...
CVE-2026-23758 GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...
GFI HelpDesk 安全漏洞
GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.9 contained security vulnerabilities. These vulnerabilities stemmed from insufficient cleanup of the POST parameter in the ticke...
PT-2026-33815
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...
📄 Wise-Insurance Agency Insurance Management System 1.0 Cross Site Scripting
Wise-Insurance Agency Insurance Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Wise-Insurance Agency - Insurance Management System 1.0 - Stored XSS Date: 25.08.2025 Exploit Author: Emir Bulutlu Vendor:...
CVE-2019-12964
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject...
VulnCheck KEV: CVE-2017-14321
Multiple cross-site scripting XSS vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the 1 customer name or 2 subject in a ticket...
CVE-2017-14321
Multiple cross-site scripting XSS vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the 1 customer name or 2 subject in a ticket...
PT-2012-2039 · Whmcs · Whmcs
Name of the Vulnerable Software and Affected Versions: WHMCS versions 4.0.x through 5.0.x Description: The issue is related to improper handling of characters in the subject field of a crafted ticket, which can trigger arbitrary code execution in the Smarty templating system. This allows remote...