← back
CVE-2019-25263

Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
Sweethawk · Zendesk App SweetHawk Survey

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://sweethawk.co/zendesk/survey-apphttps://www.exploit-db.com/exploits/47781https://www.vulncheck.com/advisories/zendesk-app-sweethawk-survey-persistent-cross-site-scriptinghttps://www.zendesk.com/apps/support/survey/