HaloITSM Affected by Stored Cross-Site Scripting Vulnerability
CVE-2024-6200

5.4MEDIUM

Key Information:

Vendor: Halo Service Solutions
Status: Haloitsm
Vendor: CVE Published:; 6 August 2024

🔔 Create Halo Service Solutions Vulnerability Alert

What is CVE-2024-6200?

HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.

Affected Version(s)

HaloITSM < 2.146.1

References

https://haloitsm.com/guides/article/?kbid=2152

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Jun 20, 2024

Credit

Damian Pfammatter, Cyber-Defence Campus (armasuisse)