10 results (0.016 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting. • https://www.exploit-db.com/exploits/50113 https://www.wyomind.com/magento2/helpdesk-magento-2.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field. • https://www.exploit-db.com/exploits/50113 https://www.wyomind.com/magento2/helpdesk-magento-2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field. • https://www.exploit-db.com/exploits/50113 https://www.wyomind.com/magento2/helpdesk-magento-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. SysAid Help Desk versiones anteriores a 22.1.65, permite un ataque de tipo XSS por medio del Asset Dashboard, también se conoce como FR# 67262 • https://documentation.sysaid.com/docs/22165-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. SysAid Help Desk versiones anteriores a 22.1.65, permite un ataque de tipo XSS por medio del campo Linked SRs, también se conoce como FR# 67258 • https://documentation.sysaid.com/docs/22165-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •