CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1719 – Reflected XSS on ticket filter function in polonel/trudesk
https://notcve.org/view.php?id=CVE-2022-1719
Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page Un ataque de tipo XSS reflejado en la función ticket filter en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2. Esta vulnerabilidad es capaz de ejecutar un código javascript malicioso en la página web • https://github.com/polonel/trudesk/commit/36a542abbbb74828338ce402d65653ac58db42e0 https://huntr.dev/bounties/790ba3fd-41e9-4393-8e2f-71161b56279b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1044 – Sensitive Data Exposure Due To Insecure Storage Of Profile Image in polonel/trudesk
https://notcve.org/view.php?id=CVE-2022-1044
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. Una Exposición de datos Confidenciales debido al Almacenamiento no Seguro de la Imagen del Perfil en el repositorio de GitHub polonel/trudesk versiones anteriores a v1.2.1 • https://github.com/polonel/trudesk/commit/097b4823935c4fa524e71ab2dd107cf2056922b0 https://huntr.dev/bounties/ff878be9-563a-4d0e-99c1-fc3c767f6d3e • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1045 – Stored XSS viva .svg file upload in polonel/trudesk
https://notcve.org/view.php?id=CVE-2022-1045
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. Una vulnerabilidad de tipo XSS almacenado por medio de una carga de archivos .svg en el repositorio de GitHub polonel/trudesk versiones anteriores a v1.2.0 • https://github.com/polonel/trudesk/commit/c4b262c2613d4a8865de0b3252112544bd81997a https://huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1290 – Stored XSS in "Name", "Group Name" & "Title" in polonel/trudesk
https://notcve.org/view.php?id=CVE-2022-1290
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. Una vulnerabilidad de tipo XSS almacenado en "Name", "Group Name" & "Title" en el repositorio de GitHub polonel/trudesk versiones anteriores a v1.2.0. Esto permite a atacantes ejecutar scripts maliciosos en el navegador del usuario y puede conllevar a un secuestro de la sesión, una exposición de datos confidenciales y cosas peores • https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •