3 results (0.004 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3. La carga de archivos no autenticados permite la ejecución remota de código. Este problema afecta a UvDesk Community: desde 1.0.0 hasta 1.1.3. • https://github.com/uvdesk/core-framework/pull/706 https://pentraze.com/vulnerability-reports • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenada en UVDesk Community Skeleton v1.1.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado que se inyecta en el campo Mensaje al crear un ticket. • https://www.esecforte.com/cve-2023-37636-stored-cross-site-scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3

An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. Una vulnerabilidad de carga de archivos arbitrarios en Uvdesk 1.1.3 permite a los atacantes ejecutar código arbitrario mediante la carga de un archivo de imagen manipulado. Uvdesk version 1.1.3 suffers from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/51639 http://packetstormsecurity.com/files/173878/Uvdesk-1.1.3-Shell-Upload.html https://docs.google.com/document/d/1uv9DjHmKuDxZIjNhWX05EsxHEp8fGalXB7XK-QSyr_0/edit?usp=sharing • CWE-434: Unrestricted Upload of File with Dangerous Type •