PT-2023-12205 · Wyomind · Wyomind Help Desk Magento 2 Extension
Published
2023-03-08
·
Updated
2023-03-14
·
CVE-2021-33351
CVSS v3.1
9.0
Critical
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Wyomind Help Desk Magento 2 extension versions 1.3.6 and before
Description
The issue allows attackers to escalate privileges via a crafted payload in the
ticket message field. This is a Cross Site Scripting vulnerability.Recommendations
For Wyomind Help Desk Magento 2 extension versions 1.3.6 and before, update to version 1.3.7 to resolve the issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wyomind Help Desk Magento 2 Extension