Help Desk Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email paramete...
6AI Score
0.025EPSS
Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
8.6AI Score
0.004EPSS
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.
5.4CVSS
5.2AI Score
0.001EPSS
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.
9CVSS
8.5AI Score
0.001EPSS
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.
9.8CVSS
9.6AI Score
0.006EPSS
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.
9.8CVSS
9.6AI Score
0.007EPSS
6.1CVSS
6.3AI Score
0.001EPSS
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.
6.1CVSS
5.9AI Score
0.001EPSS
SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258.
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS