Cross-Site Scripting vulnerability in HelpDeskZ

Posted date 01/03/2024
Identifier
INCIBE-2024-0112
Importance
3 - Medium
Affected Resources

HelpDeskZ, version 2.0.2 and earlier.

Description

INCIBE has coordinated the publication of 1 medium severity vulnerability affecting HelpDeskZ version 2.0.2 and earlier, a PHP-based software that allows website management through ticket allocation. The vulnerability was discovered by David Cámara Galindo.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-2078: 4.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N | CWE-79.

Solution

There is no reported solution at this time.

Detail

CVE-2024-2078: a Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session.
