Filtered by vendor Deskpro
Subscribe
Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36695 | 1 Deskpro | 1 Deskpro | 2021-09-14 | 3.5 LOW | 5.4 MEDIUM |
| Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation. | |||||
| CVE-2021-36696 | 1 Deskpro | 1 Deskpro | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation. | |||||
| CVE-2020-11464 | 1 Deskpro | 1 Deskpro | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc. | |||||
| CVE-2020-11466 | 1 Deskpro | 1 Deskpro | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthorized parties. Additionally, it leaked ticket authentication code, making it possible to make changes to a ticket. | |||||
| CVE-2020-28722 | 1 Deskpro | 1 Deskpro | 2021-05-19 | 3.5 LOW | 5.4 MEDIUM |
| Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting (XSS) vulnerability that can lead to an account takeover via custom email templates. | |||||