Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-1724: GitHub - ladybirdweb/faveo-helpdesk: Faveo Open source ticketing system build on Laravel framework

Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.

CVE
#sql#xss#vulnerability#web#apache#git#php#nginx#ssl
                 ______                      _    _      _           _           _    
                |  ____|                    | |  | |    | |         | |         | |   
                | |__ __ ___   _____  ___   | |__| | ___| |_ __   __| | ___  ___| | __
                |  __/ _` \ \ / / _ \/ _ \  |  __  |/ _ \ | '_ \ / _` |/ _ \/ __| |/ /
                | | | (_| |\ V /  __/ (_) | | |  | |  __/ | |_) | (_| |  __/\__ \   < 
                |_|  \__,_| \_/ \___|\___/  |_|  |_|\___|_| .__/ \__,_|\___||___/_|\_\
                                                          | |                         
                                                          |_|                         

Faveo Helpdesk provides Businesses with an automated Helpdesk system to manage customer support.

The word Faveo comes from Latin which means to be favourable. Which truly highlights vision and the scope as well as the functionality of the product that Faveo is. In today’s competitive startup scenario customer retention is one of the major challenges. Handling client query diligently is all the difference between retaining or losing a long lasting relationship. The company is driven with passion of providing tools for managing consumer queries for strategic insights and helping companies take those decisive decisions.

Faveo has been integrated with multiple platforms and new features being added each month.

Faveo can be customised according to requirement and we do undertake such request.

Flavors of Faveo

  • Faveo Help Desk Community Edition – Free, Open source edition
  • Faveo Help Desk Freelancer - Free version with features available in Faveo Enterprise Edition for two agents
  • Faveo Help Desk Enterprise Edition – Paid version with many advance features and integrations
  • Faveo Service Desk - Paid version for IT Assest management

View complete comparision list of all flavors of Faveo to select the most suitable solution for your business

Faveo Documentation

  • Faveo user Manual
  • Faveo API Documentation
  • Faveo Event List
  • Faveo Plugin creation guide

Requirements

To run Faveo your host just needs a couple of things:

  • PHP Version: 8.1+
  • Database: MySQL 8.0.x or MariaDB 10.6.x
  • Web Server: Apache / IIS / Nginx
  • PHP Extensions: Imap, Mbstring, Mcrypt, OpenSSL, PDO, Tokenizer, XML, Zip
  • Web Server Extension: Pretty URLs or Search Engine Friendly URLs have to be enabled in your web server configuration

Faveo Web Hosting

Ladybird Web Host Offers hosting with minimum requirement to host Faveo web application. Faveo has been tested on Ladybird Web Host servers & works very well in their server environment. All web hosting packages offered by Ladybird Web Host come with 30 day money back gurantee.

Credits

  • Laravel Framework
  • Admin LTE Theme

Website

Visit our website for more information on services offered by us www.faveohelpdesk.com

YouTube Channel

Find demo, installation, configuration, tutorial videos on our channel here

Road Map for Community Edition

See what all features are going to be part of upcoming releases here

Faveo Probe

Helps verify whether your server can run Faveo or not. Download here

Faveo Community

Join Faveo discussion group and stay tuned to latest updates.

  • Join us on LinkedIn
  • Join us on Slack Support the community edition

If you are using our product and want to support us Click here

Language translate

Help us translate Faveo into your native language Click here
We are following Laravel localization module, you can create language file in your branch and send a pull request.

Contributing

Create your own fork of Faveo master repositoray and use git-flow to create a new feature. Once the feature is published in your fork, send a pull request to begin the conversation of integrating your new feature into Faveo. Please see the contributing guidelines before sending pull requests.

Error Reporting

Faveo uses Bugsnag to monitor application stability in production enviroment. It helps us to provide bug fixes and feature updates after analyzing the logs and crash reports for the application. If you are customizing the application under development environment, we request you to disable this error reporting. It will allow us to ignore the errors occurred during your development cycle and we can focus more on the exceptions/bugs occuring in live system of other users of Faveo community. It can be easily disabled from “Error logs and debugging” option in admin panel or by updating your app environment to development in .env.

You can still report the issues on our Github Issue page by providing proper information about the changes you are trying to implement. We assure you that Faveo community will help you and your customization can be a part of Faveo application if it follows our contributing guidelines.

Security Policy****Supported Versions

Check mark versions are supported with security patches.

Version

Supported

2.0.1

2.0.0

< 1.0

Supported Updates

Security updates will be released once in a month. If it’s high priority, we will make it twice a month

Reporting a Vulnerability

Please report (suspected) security vulnerabilities to [email protected]. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

Help

Visit the issue page. And if you’d like professional help commercial support is available, email us through the contact form.

Follow Us

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907