Unauthenticated Remote Stored XSS Vulnerability in Uvdesk Version 1.1.1

Unauthenticated Remote Stored XSS Vulnerability in Uvdesk Version 1.1.1

CVE-2023-0325 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.

Learn more about our Web Application Penetration Testing UK.