CVE-2024-46639

CVSS v3 Score: 7.6 (High)

Vulnerability Description

A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of the Custom Fields message box.

CVSS: 7.6 (High)

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

CWE-94, 2021
CVSS: 7.6 (High)

Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.

CWE-94, 2022
CVSS: 7.6 (High)

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote C...

CWE-94, 2024
CVSS: 7.6 (High)

Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.

CWE-94, 2024
CVSS: 7.6 (High)

An issue in GNU Savane v.3.13 and before allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.

CWE-94, 2024