# Exploit Title: Stored XSS Vulnerability via File Name
# Exploit Author: Md. Sadikul Islam
# Vendor Homepage: https://www.helpdeskz.com/
# Software Link: https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip
# Version: v2.0.2
# Tested on: Kali Linux / Firefox 115.1.0esr (64-bit)
# CVE : N/A
Payload: "><img src=x onerror=alert(1);>
The payload is supplied as the attachment filename: "><img src=x onerror=alert(1);>.jpg
Video PoC: https://drive.google.com/file/d/1_yh0UsX8h7YcSU1kFvg_bBwk9T7kx1K1/view?usp=drive_link
Steps to Reproduce:
1. Log in as a regular user and create a new ticket.
2. Fill out all the required fields with the necessary information.
3. Attach an image file with a malicious payload embedded in the filename.
4. Submit the ticket.
5. Access the ticket from the administration panel to trigger the payload execution.
Cross-Site Scripting (XSS) exploits can compromise the administration
panel, directly affecting administrators by allowing malicious scripts to
execute within their privileged environment.
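The root cause described above is an attachment filename written into the admin panel's HTML without output encoding. The following Python block is an added illustration, not HelpdeskZ's own (PHP) code: `render_attachment_vulnerable` is an assumed stand-in for the admin attachment listing and reproduces the failure mode with the advisory's filename, `render_attachment_safe` shows the fix (context-appropriate HTML escaping), `sanitize_filename` adds defence in depth at upload time, and `injected_elements` parses the rendered HTML to show which version actually emits an extra element with an event-handler attribute. The allowlisted extension set is a constructed example value.

```python
import html
import re
from html.parser import HTMLParser

# Filename from the advisory, used here as the attacker-controlled input.
ADVISORY_FILENAME = '"><img src=x onerror=alert(1);>.jpg'

# Allowlist for stored filenames; anything outside it is replaced by "_".
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")
# Constructed example allowlist of extensions an attachment may have.
_ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}


def render_attachment_vulnerable(filename: str) -> str:
    """Failure mode: the raw filename is interpolated into HTML.

    A double quote in the name closes the href attribute and the remainder of
    the name is parsed as markup, so the browser creates the injected element.
    """
    return f'<a href="/attachments/{filename}">{filename}</a>'


def render_attachment_safe(filename: str) -> str:
    """Fix: encode for the HTML context before interpolating.

    html.escape(quote=True) encodes & < > " and ', which covers both the
    attribute value and the text node used here.
    """
    escaped = html.escape(filename, quote=True)
    return f'<a href="/attachments/{escaped}">{escaped}</a>'


def sanitize_filename(filename: str, max_stem_len: int = 100) -> str:
    """Defence in depth at upload time (does not replace output encoding).

    Drops any directory component, restricts the stem to allowlisted
    characters, and rejects extensions outside the allowlist.
    Raises ValueError for names that should be refused outright.
    """
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in base:
        raise ValueError("missing extension")
    stem, ext = base.rsplit(".", 1)
    ext = ext.lower()
    if ext not in _ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {ext}")
    stem = _UNSAFE_CHARS.sub("_", stem).strip("._") or "attachment"
    return f"{stem[:max_stem_len]}.{ext}"


class _TagCollector(HTMLParser):
    """Records every start tag and counts on* (event handler) attributes."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.event_handlers = 0

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.event_handlers += sum(1 for name, _ in attrs if name.startswith("on"))


def injected_elements(rendered: str) -> dict:
    """Parse rendered HTML the way a browser would and report what it contains.

    Useful as a regression check: a safe renderer yields exactly the elements
    the template itself wrote, and no event-handler attributes.
    """
    parser = _TagCollector()
    parser.feed(rendered)
    parser.close()
    return {"tags": parser.tags, "event_handlers": parser.event_handlers}


if __name__ == "__main__":
    for label, renderer in (("vulnerable", render_attachment_vulnerable),
                            ("safe", render_attachment_safe)):
        out = renderer(ADVISORY_FILENAME)
        print(f"{label}: {out}")
        print(f"  parsed -> {injected_elements(out)}")
    print("stored name:", sanitize_filename(ADVISORY_FILENAME))
```

Note that `injected_elements` reports two `img` start tags for the vulnerable renderer (the filename appears twice in the anchor, once in the attribute and once as its text) and none for the safe one; escaping at output is the fix, while `sanitize_filename` only limits what reaches storage.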