CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-6200

HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.9%

CVSS Severity

CVSS v3 Score 8.0

References

https://haloitsm.com/guides/article/?kbid=2152

Products affected by CVE-2024-6200

Haloservicesolutions » Haloitsm » Version: N/A

cpe:2.3:a:haloservicesolutions:haloitsm:-
Haloservicesolutions » Haloitsm » Version: 2.143.21

cpe:2.3:a:haloservicesolutions:haloitsm:2.143.21
Haloservicesolutions » Haloitsm » Version: 2.143.8

cpe:2.3:a:haloservicesolutions:haloitsm:2.143.8
Haloservicesolutions » Haloitsm » Version: 2.144

cpe:2.3:a:haloservicesolutions:haloitsm:2.144
Haloservicesolutions » Haloitsm » Version: 2.146

cpe:2.3:a:haloservicesolutions:haloitsm:2.146

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-6200

Products

Pricing

Contact Us