Uvdesk: Security Vulnerabilities
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.
CVSS Score
9.8
EPSS Score
0.082
Published
2023-10-23
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
CVSS Score
8.8
EPSS Score
0.004
Published
2023-04-04
Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-04-04
Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-03-06