XSS Vulnerability in HelpDeskZ Could Allow Partial Takeover of User Sessions
CVE-2024-2078

4.6MEDIUM

Key Information:

Vendor: Helpdeskz
Status: Helpdeskz
Vendor: CVE Published:; 1 March 2024

Summary

A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session.

Affected Version(s)

HelpDeskZ 0 <= 2.0.2

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Mar 1, 2024

Credit

David Cámara Galindo