django_helpdesk is vulnerable to cross-site scripting (XSS) attacks. A remote attacker can inject and execute arbitrary JavaScript in a user’s browser by means of a specially crafted attachment handled by the process_attachments function.
github.com/django-helpdesk/django-helpdesk/commit/04483bdac3b5196737516398b5ce0383875a5c60
github.com/django-helpdesk/django-helpdesk/commit/44abb197120a843cce5b5fe8276e4a44b8bb2f48
github.com/django-helpdesk/django-helpdesk/issues/983
github.com/django-helpdesk/django-helpdesk/pull/984
huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e