Deskpro is a suite of help desk software from Deskpro UK. A cross-site scripting vulnerability exists in versions of Deskpro cloud and on-premise Deskpro prior to 2021.1.6. The vulnerability stems from a lack of input validation of social media links in user profiles, which allows an attacker to inject and execute client-side JavaScript code to hijack cookie session tokens.

CPE

Name | Operator | Version
---|---|---
deskpro deskpro cloud | lt | 2021.1.6
deskpro on-premise deskpro | lt | 2021.1.6
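
The description attributes the flaw to missing input validation of social media links in user profiles. The following is an added example, not Deskpro's code or its fix, showing the two controls that address this class of bug: validating the link when it is stored and encoding it when it is rendered. The field names, host allowlist and function names are assumptions made for illustration.

```javascript
// Illustrative only: field names and allowed hosts are assumptions, not Deskpro's.
const ALLOWED_HOSTS = new Map([
  ["twitter", ["twitter.com", "www.twitter.com"]],
  ["facebook", ["facebook.com", "www.facebook.com"]],
  ["linkedin", ["linkedin.com", "www.linkedin.com"]],
]);

// Returns a normalized https URL for a known profile field, or null if rejected.
function validateSocialLink(field, raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  const hosts = ALLOWED_HOSTS.get(field);
  if (!hosts) return null;                        // unknown profile field
  let url;
  try {
    url = new URL(raw.trim());                    // rejects relative or malformed input
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;     // blocks javascript:, data:, http:, ...
  if (url.username || url.password) return null;  // no user:pass@ tricks in the authority
  if (!hosts.includes(url.hostname)) return null; // exact match, not a suffix/substring test
  return url.href;                                // parser-normalized form is what gets stored
}

// Encode for an HTML attribute or text context at render time.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Validation and encoding are applied together: a value that fails validation
// is never rendered, and a value that passes is still encoded on output.
function renderSocialLink(field, raw) {
  const href = validateSocialLink(field, raw);
  if (href === null) return "";
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer nofollow">${escapeHtml(field)}</a>`;
}
```

Matching the hostname exactly matters here: a prefix or substring check would accept a look-alike host such as `twitter.com.attacker.example`.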