CVE-2023-26982
Description
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Trudesk v1.2.6 contains a stored XSS vulnerability in the Add Tags parameter of the Create Ticket function.
Vulnerability
Trudesk v1.2.6 suffers from a stored cross-site scripting (XSS) vulnerability in the Add Tags parameter of the Create Ticket function [2][3]. The vulnerability allows an attacker to inject arbitrary HTML/JavaScript that is stored and executed when the ticket is viewed.
Exploitation
An attacker with a valid account (user, support, or admin privileges) can create a ticket, then edit its tags and insert a malicious payload into the Add Tags input field [3]. The payload executes immediately upon saving the tag [3].
Impact
Successful exploitation leads to arbitrary JavaScript execution in the context of the victim's browser, potentially allowing session hijacking, defacement, or theft of sensitive information [3]. The XSS is stored, affecting any user who views the ticket.
Mitigation
As of the publication date (2023-03-29), no patched version has been released [2][3]. Users should restrict access to Trudesk instances and monitor for updates from the vendor [1]. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
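With no patched release available, a deployment can still validate tag names on input, encode them on output, and audit the tags it has already stored. The following is an added example, not Trudesk's code and not taken from the CVE references; the tag shape `{ id, name }`, the allowlist pattern and all function names are assumptions, and the sample tags are constructed.

```javascript
// Added example: hypothetical helpers, not Trudesk code.
// Assumption: a stored tag is an object of the form { id, name }.

// Allowlist for tag names: starts with a letter or digit, then letters,
// digits, space, underscore, dot or hyphen; 1 to 32 characters in total.
const TAG_NAME = /^[\p{L}\p{N}][\p{L}\p{N} _.-]{0,31}$/u;

// Input-side check. NFKC folds compatibility forms (e.g. fullwidth
// characters) to their plain equivalents before the allowlist is applied.
function isValidTagName(name) {
  return typeof name === 'string' && TAG_NAME.test(name.normalize('NFKC').trim());
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output-side encoding for HTML text and quoted-attribute contexts.
// Apply at render time even when the input check is in place.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Audit tags that are already stored: return those failing the allowlist,
// each with an escaped, truncated preview that is safe to put in a report.
function auditStoredTags(tags) {
  return tags
    .filter((tag) => !isValidTagName(tag.name))
    .map((tag) => ({ id: tag.id, preview: escapeHtml(String(tag.name).slice(0, 80)) }));
}

// Constructed sample data: two ordinary tags and two that carry markup.
const sampleTags = [
  { id: 1, name: 'billing' },
  { id: 2, name: 'vpn-access' },
  { id: 3, name: '<b>urgent</b>' },
  { id: 4, name: 'x" data-note="y' },
];

console.log(auditStoredTags(sampleTags));
```

Tags flagged by the audit are candidates for review and renaming; the escaped preview lets the report itself be viewed in a browser without rendering the stored markup.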
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Trudesk/Trudesk
Patches
No patches discovered yet.