Security
Headlines
HeadlinesLatestCVEs

Headline

Helpdeskz 2.0.2 Cross Site Scripting

Helpdeskz version 2.0.2 suffers from a persistent cross site scripting vulnerability.

Packet Storm
#xss#vulnerability#google#linux#git#auth#firefox
# Exploit Title: Stored XSS Vulnerability via File Name# Google Dork: N/A# Date: 08 Aug 2024# Exploit Author: Md. Sadikul Islam# Vendor Homepage: https://www.helpdeskz.com/# Software Link:https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip# Version: v2.0.2# Tested on: Kali Linux /  Firefox 115.1.0esr (64-bit)# CVE : N/APayload: "><img src=x onerror=alert(1);>Filename can be Payload: "><img src=x onerror=alert(1);>.jpgVIdeo PoC:https://drive.google.com/file/d/1_yh0UsX8h7YcSU1kFvg_bBwk9T7kx1K1/view?usp=drive_linkSteps to Reproduce:    1. Log in as a regular user and create a new ticket.    2. Fill out all the required fields with the necessary information.    3. Attach an image file with a malicious payload embedded in thefilename.    4. Submit the ticket.    5. Access the ticket from the administration panel to trigger thepayload execution.Cross-Site Scripting (XSS) exploits can compromise the administrationpanel, directly affecting administrators by allowing malicious scripts toexecute within their privileged environment.

Packet Storm: Latest News

Red Hat Security Advisory 2024-8690-03