Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/towers/ | Exploit Third Party Advisory |
https://github.com/ladybirdweb/faveo-helpdesk/ | Product |
Configurations
History
30 Jun 2023, 07:31
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-24 01:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-1724
Mitre link : CVE-2023-1724
CVE.ORG link : CVE-2023-1724
JSON object : View
Products Affected
ladybirdweb
- faveo_helpdesk
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')