PT-2023-16179 · Uvdesk · Uvdesk
Carlos Bello · Published 2023-04-04 · Updated 2023-04-11 · CVE-2023-0325
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Uvdesk version 1.1.1
Description
The issue allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.
Recommendations
For Uvdesk version 1.1.1, update the application to a version that correctly validates the message sent by the clients in the ticket to prevent stored XSS exploitation. As a temporary workaround, consider tightening the input validation applied to the message sent by the clients in the ticket to minimize the risk of exploitation.
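One way to apply the recommendation above, as an added example that is not Uvdesk's code or its actual fix: an allowlist sanitizer run on a ticket message before it is stored or rendered. The tag and URL-scheme policy and all names here are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this illustration (not Uvdesk's): basic formatting tags only.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "a"}
SAFE_SCHEMES = {"http", "https", "mailto"}

def safe_href(value):
    """Return the link target if its scheme is allowlisted, else None."""
    value = (value or "").strip()
    try:
        scheme = urlsplit(value).scheme.lower()
    except ValueError:  # malformed URL: treat as unsafe
        return None
    return value if scheme in SAFE_SCHEMES else None

class TicketMessageSanitizer(HTMLParser):
    """Rebuilds the message from allowlisted tags; all other markup is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            # Every attribute is discarded except a vetted href on <a>.
            href = safe_href(dict(attrs).get("href")) if tag == "a" else None
            attr = ' href="%s" rel="noopener noreferrer"' % escape(href, quote=True) if href else ""
            self.out.append("<%s%s>" % (tag, attr))

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=True))  # text is always re-encoded

def sanitize_ticket_message(raw):
    """Return a version of a client-supplied ticket message that is safe to render."""
    parser = TicketMessageSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)
```

The output is rebuilt from parsed tokens rather than filtered with pattern matching, so markup the policy does not name never reaches the page; output encoding in the ticket view is still needed for messages stored before the sanitizer was in place.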
Exploit
Fix
XSS
Affected Products
Uvdesk