Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mods_for_hesk
(Mods\-For\-Hesk)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-09 | CVE-2020-13992 | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket. | Mods_for_hesk | 6.1 | ||
| 2020-07-09 | CVE-2020-13993 | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. | Mods_for_hesk | 7.5 | ||
| 2020-07-09 | CVE-2020-13994 | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. | Mods_for_hesk | 8.8 |