Filtered by vendor Mods-for-hesk
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13994 | 1 Mods-for-hesk | 1 Mods For Hesk | 2024-08-04 | 8.8 High |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. | ||||
| CVE-2020-13993 | 1 Mods-for-hesk | 1 Mods For Hesk | 2024-08-04 | 7.5 High |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. | ||||
| CVE-2020-13992 | 1 Mods-for-hesk | 1 Mods For Hesk | 2024-08-04 | 6.1 Medium |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket. | ||||
Page 1 of 1.