Filtered by vendor Trudesk Project
Total
18 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45785 | 1 Trudesk Project | 1 Trudesk | 2024-07-03 | N/A | 6.5 MEDIUM |
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that would allow an attacker to restart the server, causing a DoS. The attacker must craft a webpage that performs a GET request to the /api/v1/admin/restart endpoint; when a victim with sufficient privileges visits the page, the server restart begins. The attacker must know the full URL that TruDesk is on in order to craft the webpage. | |||||
CVE-2023-26982 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | N/A | 5.4 MEDIUM |
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function. | |||||
CVE-2022-1803 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 4.9 MEDIUM | 6.9 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
CVE-2022-1290 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | |||||
CVE-2022-1044 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. | |||||
CVE-2022-1045 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. | |||||
CVE-2022-1754 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
CVE-2022-1770 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
CVE-2022-2128 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. | |||||
CVE-2022-1775 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
CVE-2022-2023 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. | |||||
CVE-2022-1931 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
CVE-2022-1947 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
CVE-2022-1752 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 6.0 MEDIUM | 8.0 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
CVE-2022-1893 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
CVE-2022-1926 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
CVE-2022-1808 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
CVE-2022-1728 | 1 Trudesk Project | 1 Trudesk | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Allowing long passwords leads to denial of service in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack, during which genuine users will not be able to access resources/applications. |