Issuetrak
by Issuetrak
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2271 | Hig | 0.50 | 7.7 | 0.00 | Mar 13, 2025 | A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access… | ||
| CVE-2024-12123 | Med | 0.34 | — | 0.00 | Dec 4, 2024 | A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester… | ||
| CVE-2024-11479 | Med | 0.33 | — | 0.00 | Dec 4, 2024 | A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket. |
- risk 0.50cvss 7.7epss 0.00
A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access…
- risk 0.34cvss —epss 0.00
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester…
- risk 0.33cvss —epss 0.00
A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket.