PT-2024-34955 · Help Scout · Beacon For Help Scout

Soprobro

Published

2024-11-19

Updated

2024-11-23

CVE-2024-51828

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Beacon For Help Scout versions 1.3.0 and earlier

Description The issue affects the Beacon For Help Scout plugin, allowing DOM-Based XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting attacks.

Recommendations For versions 1.3.0 and earlier, update to the latest version to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-51828

Affected Products

Beacon For Help Scout

PT-2024-34955 · Help Scout · Beacon For Help Scout

CVE-2024-51828

Weakness Enumeration

Related Identifiers

Affected Products

References · 6