Stored Cross Site Scripting Vulnerability in HelpDeskZ Software
CVE-2024-46226

4.8 MEDIUM

Key Information:

Vendor: HelpDeskZ
Status
Vendor
CVE Published: 26 February 2025

Summary

A stored cross-site scripting (XSS) vulnerability exists in HelpDeskZ versions prior to 2.0.2 that enables remote attackers to execute arbitrary JavaScript within the administration panel. The vulnerability arises when a malicious payload is included in the name of a file uploaded while creating a new ticket. An attacker can exploit it by uploading a file with a specially crafted name, compromising the security of the application and potentially affecting sensitive data managed through HelpDeskZ.
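The two controls that close this class of bug are normalising the client-supplied file name before it is stored and HTML-encoding it wherever the administration panel prints it. The PHP sketch below is an added example, not HelpDeskZ's own code or its 2.0.2 patch; the function names, the `/attachment?id=` URL and the sample file name are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not taken from HelpDeskZ.

/** Normalise a client-supplied upload name before it is stored with the ticket. */
function storable_attachment_name(string $clientName): string
{
    // Drop any directory part the client sent (either separator style).
    $name = basename(str_replace('\\', '/', $clientName));
    // Allow-list: letters, digits, dot, underscore, space, dash. Everything else becomes "_".
    $name = preg_replace('/[^\p{L}\p{N}._ -]/u', '_', $name);
    if ($name === null) {
        $name = ''; // preg_replace returns null on invalid UTF-8 input
    }
    $name = trim($name, '. ');
    return $name === '' ? 'attachment' : $name;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the attachment link shown in the staff view of a ticket. */
function render_attachment_link(int $attachmentId, string $storedName): string
{
    // The name is encoded at output even though it was normalised at upload:
    // rows stored before the fix, or written by another code path, stay inert.
    return sprintf(
        '<a href="/attachment?id=%d">%s</a>',
        $attachmentId,
        html_escape($storedName)
    );
}

// Constructed sample: a file name carrying harmless HTML markup.
$uploaded = '"><b>marker</b>.png';

// New uploads: markup characters are replaced before the name reaches the database.
echo storable_attachment_name($uploaded), PHP_EOL;

// Legacy rows: the raw name is rendered as text, not parsed as markup.
echo render_attachment_link(7, $uploaded), PHP_EOL;
```

Output encoding is the control that actually prevents script execution. The upload-time allow-list only reduces what reaches storage.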

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
