A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields message box.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 23 Sep 2024 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Evolutionscript; Evolutionscript helpdeskz
Weaknesses | | CWE-94
CPEs | | cpe:2.3:a:evolutionscript:helpdeskz:1.0.2:*:*:*:*:*:*:*
Vendors & Products | | Evolutionscript; Evolutionscript helpdeskz
Metrics | | cvssV3_1: {'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Sep 2024 19:30:00 +0000

Type | Values Removed | Values Added
Description | | A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields message box.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-23T19:52:50.458Z

Reserved: 2024-09-11T00:00:00

Link: CVE-2024-46639

Vulnrichment

Updated: 2024-09-23T19:51:13.737Z

NVD

Status: Awaiting Analysis

Published: 2024-09-23T20:15:05.417

Modified: 2024-09-26T13:32:55.343

Link: CVE-2024-46639

Redhat

No data.

OpenCVE Enrichment

No data.