Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
uvdesk community-skeleton 1.1.1 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-37636
A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.
Webkul Uvdesk 1.1.1
9.8
CVSSv3
CVE-2023-37635
UVDesk Community Skeleton v1.1.1 allows unauthenticated malicious users to perform brute force attacks on the login page to gain access to the application.
Uvdesk Community-skeleton 1.1.1
1 Github repository
8.8
CVSSv3
CVE-2023-0265
Uvdesk version 1.1.1 allows an authenticated remote malicious user to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
Uvdesk Community-skeleton 1.1.1
6.1
CVSSv3
CVE-2023-0325
Uvdesk version 1.1.1 allows an unauthenticated remote malicious user to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.
Uvdesk Community-skeleton 1.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started