25 matches found
EUVD-2023-41517
Malicious code in bioql PyPI...
EUVD-2024-16698
Malicious code in bioql PyPI...
CVE-2023-37635
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...
CVE-2024-0916
Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3...
CVE-2024-0916 Unauthenticated Remote Code Execution in UvDesk Community
Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3...
CVE-2024-0916
CVE-2024-0916 affects UVdesk Community (1.0.0–1.1.3) and is due to insufficient input validation that allows unauthenticated file uploads leading to Remote Code Execution (RCE). Public sources describe the vulnerability as an unauthenticated file upload enabling code execution, with references no...
CVE-2024-0916 Unauthenticated Remote Code Execution in UvDesk Community
Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3...
PT-2024-15917 · Unknown · Uvdesk Community
Name of the Vulnerable Software and Affected Versions: UvDesk Community versions 1.0.0 through 1.1.3 Description: Unauthenticated file upload allows remote code execution. Recommendations: For UvDesk Community versions 1.0.0 through 1.1.3, consider disabling the file upload feature until a patch ...
CVE-2024-3137 Improper Privilege Management in uvdesk/community-skeleton
Improper Privilege Management in uvdesk/community-skeleton...
PT-2024-24015 · Unknown · Uvdesk Community Skeleton
Name of the Vulnerable Software and Affected Versions: uvdesk/community-skeleton affected versions not specified Description: The issue concerns improper privilege management. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2023-37636
A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...
CVE-2023-37635
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...
CVE-2023-37636
A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...
Cross site scripting
A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...
Code injection
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application...
PT-2023-26052 · Unknown · Uvdesk Community Skeleton
Name of the Vulnerable Software and Affected Versions: UVDesk Community Skeleton version 1.1.1 Description: The issue allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. This can be done through the login page, allowing attackers to...
CVE-2023-37636
CVE-2023-37636 concerns UVDesk Community Skeleton v1.1.1, with a stored XSS vulnerability in the Message field used when creating a ticket. The issue allows attackers to inject arbitrary web scripts/HTML, potentially affecting users who view crafted tickets. The primary technical detail across so...
CVE-2023-37635
CVE-2023-37635 affects UVDesk Community Skeleton v1.1.1, described as an unauthenticated brute-force login vulnerability that could allow access to the application. Concrete detail: login-page brute-force on UVDesk Community Skeleton 1.1.1. Root cause and exact exploit path are not detailed in th...
CVE-2023-37636
A stored cross-site scripting XSS vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...
uvdesk/community-skeleton vulnerable to Stored Cross-site Scripting
Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...