Vulnerabilities (CVE)

Filtered by vendor Mods-for-hesk Subscribe
Filtered by product Mods For Hesk
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13994 1 Mods-for-hesk 1 Mods For Hesk 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker.
CVE-2020-13993 1 Mods-for-hesk 1 Mods For Hesk 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket.
CVE-2020-13992 1 Mods-for-hesk 1 Mods For Hesk 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket.