Vulnerabilities (CVE)

Filtered by vendor Uvdesk Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-37635 1 Uvdesk 1 Community-skeleton 2024-11-21 N/A 9.8 CRITICAL
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.
CVE-2023-1197 1 Uvdesk 1 Community-skeleton 2024-11-21 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.
CVE-2023-0325 1 Uvdesk 1 Community-skeleton 2024-11-21 N/A 6.1 MEDIUM
Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.
CVE-2023-0265 1 Uvdesk 1 Community-skeleton 2024-11-21 N/A 8.8 HIGH
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.