PT-2023-17193 · Unknown · Faveo Helpdesk Enterprise

Carlos Bello

Publicado

2023-06-24

Atualizado

2023-06-30

CVE-2023-1724

CVSS v3.1

7.3

Alta

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Faveo Helpdesk Enterprise version 6.0.1

Description The issue allows an attacker with agent permissions to perform privilege escalation on the application due to a stored XSS vulnerability.

Recommendations For Faveo Helpdesk Enterprise version 6.0.1, consider restricting access to agent permissions to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the functionality that allows agents to input data that could be used for stored XSS may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-1724

Produtos afetados

Faveo Helpdesk Enterprise

PT-2023-17193 · Unknown · Faveo Helpdesk Enterprise

CVE-2023-1724

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6