PT-2024-37445 · Haloitsm · Haloitsm
Published: 2024-08-06 · Updated: 2024-08-29
CVE-2024-6200
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
HaloITSM versions up to 2.146.1
Description:
The issue is a Stored Cross-Site Scripting (XSS) vulnerability, where injected JavaScript code can execute arbitrary actions on behalf of the user accessing a ticket.
Recommendations:
Update HaloITSM versions up to 2.146.1 to a version later than 2.146.1 to fix the vulnerability.
Where patches can be applied, apply patches starting from 2.143.61 to resolve the issue.
Fix
XSS
Affected Products
Haloitsm