Filtered by vendor Uvdesk
Subscriptions
Filtered by product Community-skeleton
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37635 | 1 Uvdesk | 1 Community-skeleton | 2023-10-30 | 9.8 Critical |
| UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. | ||||
| CVE-2023-0325 | 1 Uvdesk | 1 Community-skeleton | 2023-04-11 | 6.1 Medium |
| Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket. | ||||
| CVE-2023-0265 | 1 Uvdesk | 1 Community-skeleton | 2023-04-11 | 8.8 High |
| Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers. | ||||
| CVE-2023-1197 | 1 Uvdesk | 1 Community-skeleton | 2023-03-11 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. | ||||
Page 1 of 1.