CVE-2023-26982

Name of the Vulnerable Software and Affected Versions Trudesk version 1.2.6

Description The issue is a stored cross-site scripting (XSS) vulnerability. It occurs via the Add Tags parameter under the Create Ticket function. This allows for potential malicious script execution when a user interacts with the affected component.

Recommendations For Trudesk version 1.2.6, consider disabling the Create Ticket function or restricting access to the Add Tags parameter until a patch is available. Avoid using the Add Tags parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.