Uvdesk 1.1.1 - Stored Cross-Site Scripting
7.1
High
Discovered by
Offensive Team, Fluid Attacks
Summary
Full name
Uvdesk 1.1.1 - Stored Cross-Site Scripting
Code name
State
Public
Release date
Apr 10, 2023
Affected product
Uvdesk
Affected version(s)
Version 1.1.1
Vulnerability name
Stored cross-site scripting (XSS)
Vulnerability type
Remotely exploitable
Yes
CVSS v3.1 vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CVSS v3.1 base score
7.1
Exploit available
Yes
CVE ID(s)
Description
Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.
Vulnerability
This vulnerability occurs because the application does not correctly validate the message sent by the clients in the ticket.
Exploitation
We must send the payload xss through the ticket message. It is important to use a proxy here, because the payload will be encoded from javascript.
Our security policy
We have reserved the CVE-2023-0325 to refer to this issue from now on. Disclosure policy
System Information
Version: Uvdesk 1.1.1
Operating System: GNU/Linux
Mitigation
There is currently no patch available for this vulnerability.
References
Vendor page https://github.com/uvdesk/community-skeleton
Timeline
Vulnerability discovered
Jan 16, 2023
Vendor contacted
Jan 16, 2023
Vendor replied
Jan 16, 2023
Public disclosure
Apr 10, 2023
