CVE-2024-46638: A Stored Cross-Site Scripting (XSS) vulnerability was discovered in HelpDeskZ v2.0.2. The vulnerability exists in the `Title` parameter within the Custom field section. By injecting malicious scripts into this parameter, an attacker can store the script within the application. When the content is viewed by other users, the malicious script is executed in their browsers, potentially leading to the compromise of user data, session hijacking, or other malicious actions.
Software & Vendor Information:
Title: HelpDeskZ - v2.0.2 - Stored XSS
Vendor Homepage: https://www.helpdeskz.com
Software Link: https://www.helpdeskz.com/download
Version: Version 2.0.2
Attack Type: Remote
Tested on: Windows 10 | Firefox and Chrome (Latest Version)
Published a write-up: https://github.com/0xashfaq/-HelpDeskZ-v2.0.2---Stored-Cross-Site-Scripting-XSS-
Discovered by Md. Ashfaqul Haq, 14 Aug 2024.
Publishing References:
https://www.cve.org/CVERecord?id=CVE-2024-46639
https://nvd.nist.gov/vuln/detail/CVE-2024-46639
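
Added example, not part of the original advisory and not HelpDeskZ source code: one way to encode a stored custom field `Title` when it is rendered, and to audit titles that are already stored, since a stored value stays in the database after the rendering code is fixed. The function names and the row layout are assumptions, and the sample rows are constructed.

```php
<?php
// Added example: hypothetical helper names, not HelpDeskZ source code.

/** Encode a stored custom-field title for HTML text or a quoted attribute. */
function render_field_title(string $title): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    return htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Return the ids of stored titles that contain markup characters and need review. */
function audit_stored_titles(array $rows): array
{
    $flagged = [];
    foreach ($rows as $row) {
        // Decode entities first so an entity-encoded tag is still noticed.
        $decoded = html_entity_decode($row['title'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        // Angle brackets open tags; quotes can break out of an attribute value.
        if (preg_match('/[<>"\']/', $decoded) === 1) {
            $flagged[] = $row['id'];
        }
    }
    return $flagged;
}

// Constructed sample rows standing in for the custom-field table (assumed layout).
$rows = [
    ['id' => 1, 'title' => 'Order number'],
    ['id' => 2, 'title' => '<script>/* constructed sample */</script>'],
    ['id' => 3, 'title' => 'Customer\'s "priority"'],
];

foreach ($rows as $row) {
    // The title reaches the page only through the encoder.
    printf("%d: <label>%s</label>\n", $row['id'], render_field_title($row['title']));
}
echo 'Titles to review: ', implode(', ', audit_stored_titles($rows)), "\n";
```

The audit flags row 3 as well as row 2: quotes in a title are not proof of an injection, only a reason for a human to look at the record.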