HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
References
Link | Resource |
---|---|
https://haloitsm.com/guides/article/?kbid=2152 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Aug 2024, 17:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Haloservicesolutions haloitsm
Haloservicesolutions |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:* | |
References | () https://haloitsm.com/guides/article/?kbid=2152 - Vendor Advisory |
06 Aug 2024, 16:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Aug 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-06 06:15
Updated : 2024-08-29 17:53
NVD link : CVE-2024-6200
Mitre link : CVE-2024-6200
CVE.ORG link : CVE-2024-6200
JSON object : View
Products Affected
haloservicesolutions
- haloitsm
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')