
Thapanarath Khempetch

#19503 of 53,635
Total CVSS: 13.5
Vulnerabilities: 2 (Medium: 1, High: 1)
PT-2023-20887 · CVSS 5.4 · 2023-03-29
Trudesk · Trudesk · CVE-2023-26982
**Name of the Vulnerable Software and Affected Versions**
Trudesk version 1.2.6

**Description**
The issue is a stored cross-site scripting (XSS) vulnerability. It occurs via the `Add Tags` parameter under the `Create Ticket` function. This allows for potential malicious script execution when a user interacts with the affected component.

**Recommendations**
For Trudesk version 1.2.6, consider disabling the `Create Ticket` function or restricting access to the `Add Tags` parameter until a patch is available. Avoid using the `Add Tags` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-20888 · CVSS 8.1 · 2023-03-29
Unknown · Peppermint · CVE-2023-26984
**Name of the Vulnerable Software and Affected Versions**
Peppermint version 0.2.4

**Description**
The issue concerns the password reset function, allowing attackers to access emails and passwords of the Tickets page through a crafted request.

**Recommendations**
For Peppermint version 0.2.4, consider disabling the password reset function temporarily until a patch is available to prevent exploitation.