trudesk
by Truedesk
CVEs (19)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-26982 | 0.00 | — | 0.02 | Mar 29, 2023 | Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function. |
| CVE-2022-2128 | 0.00 | — | 0.00 | Jun 20, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. |
| CVE-2022-2023 | 0.00 | — | 0.00 | Jun 20, 2022 | Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. |
| CVE-2022-1947 | 0.00 | — | 0.01 | May 31, 2022 | Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. |
| CVE-2022-1808 | 0.00 | — | 0.01 | May 31, 2022 | Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. |
| CVE-2022-1893 | 0.00 | — | 0.00 | May 31, 2022 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3. |
| CVE-2022-1926 | 0.00 | — | 0.00 | May 31, 2022 | Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. |
| CVE-2022-1931 | 0.00 | — | 0.00 | May 31, 2022 | Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. |
| CVE-2022-1752 | 0.00 | — | 0.00 | May 21, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. |
| CVE-2022-1775 | 0.00 | — | 0.00 | May 20, 2022 | Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. |
| CVE-2022-1803 | 0.00 | — | 0.00 | May 20, 2022 | Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. |
| CVE-2022-1770 | 0.00 | — | 0.00 | May 20, 2022 | Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. |
| CVE-2022-1754 | 0.00 | — | 0.00 | May 20, 2022 | Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. |
| CVE-2022-1728 | 0.00 | — | 0.00 | May 16, 2022 | Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not be able to access resources/applications. |
| CVE-2022-1718 | 0.00 | — | 0.01 | May 16, 2022 | The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of… |
| CVE-2022-1719 | 0.00 | — | 0.00 | May 16, 2022 | Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page. |
| CVE-2022-1044 | 0.00 | — | 0.00 | May 12, 2022 | Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. |
| CVE-2022-1045 | 0.00 | — | 0.00 | Apr 11, 2022 | Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. |
| CVE-2022-1290 | 0.00 | — | 0.00 | Apr 10, 2022 | Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. |