Lucene search

Help Desk Security Vulnerabilities

cve

CVE-2021-33351

Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.

9CVSS

8.5AI Score

0.001EPSS

2023-03-08 10:15 PM

cve

CVE-2021-33352

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.

9.8CVSS

9.6AI Score

0.007EPSS

2023-03-08 10:15 PM

cve

CVE-2021-33353

Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.

9.8CVSS

9.6AI Score

0.008EPSS

2023-03-08 10:15 PM