CVE-2023-37636

Name of the Vulnerable Software and Affected Versions UVDesk Community Skeleton version 1.1.1

Description A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket. This enables attackers to potentially manipulate the web application's behavior.

Recommendations For UVDesk Community Skeleton version 1.1.1, consider disabling the ticket creation feature until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the Message field to minimize the risk of arbitrary script execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.