CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page

**Description**

Ticket management filter in Trudesk v1.2.0 allow user to perform XSS due to improper validation on filter attribute such as "status", "ticket type", "assignee" and etc.

**Proof of Concept**

1.  Login to Trudesk with role user privilege
2.  Tickets -> Filter ticket
3.  Filter for ticket status (poc on attribute status)
4.  Insert payload in the filter result

**Endpoint**

1.  http://{IP}/tickets/filter/

**Payload used**

1.  "><img src=a onerror=alert(document.domain)>

**Screenshot POC**

1.  ticket filter
2.  xss domain
3.  xss cookie

**Impact**

This vulnerability is capable of executing a malicious javascript code in web page

**Occurrences**

Headline

CVE-2022-1719: Reflected XSS on ticket filter function in trudesk

CVE: Latest News