PT-2025-4118 · Zenvia · Zenvia Movidesk
Y4G0 · Published 2025-02-03 · Updated 2025-02-03
CVE-2025-0972
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Zenvia Movidesk versions prior to 25.01.22.245a473c54
Description
An issue has been found in the New Ticket Handler component: manipulation of the subject argument leads to cross-site scripting. The attack can be initiated remotely.
Recommendations
For versions prior to 25.01.22.245a473c54, upgrade to version 25.01.22.245a473c54 to address this issue. As a temporary workaround, consider restricting the manipulation of the subject argument in the New Ticket Handler component until the upgrade is applied.
XSS
Code Injection
Related Identifiers
Affected Products
Zenvia Movidesk