CVE-2023-0357

CVSS 6.1 MEDIUMEPSS 0.7%CWE-79

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Produtos afetados

n/a · Helpy

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://fluidattacks.com/advisories/quayle/https://github.com/helpyio/helpy/