Skip to main content

Trudesk CVE-2022-1290

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-04-10 security@huntr.dev
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 10, 2022 - 16:15 nvd
MEDIUM 5.4

DescriptionNVD

Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.

AnalysisAI

Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. Affected products include: Trudesk Project Trudesk.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-2128 CRITICAL POC
9.8 Jun 20

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical seve

CVE-2022-2023 CRITICAL POC
9.8 Jun 20

Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical severity (CVSS 9.8)

CVE-2022-1775 CRITICAL POC
9.8 May 20

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. Rated critical severity (CVSS 9.8), this

CVE-2022-1808 HIGH POC
8.8 May 31

Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. Rated high severity (CVSS 8.8

CVE-2022-1770 HIGH POC
8.8 May 20

Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. Rated high severity (CVSS 8.8), this

CVE-2022-1931 HIGH POC
8.1 May 31

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. Rated high severity (CVSS 8.1), this vuln

CVE-2022-1752 HIGH POC
8.0 May 21

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. Rated high severity

CVE-2022-1718 HIGH POC
7.5 Sep 29

The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can a

CVE-2022-1803 MEDIUM POC
6.9 May 20

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium s

CVE-2022-1947 MEDIUM POC
6.5 May 31

Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. Rated medium severity (CVSS 6.5), this vu

CVE-2022-1754 MEDIUM POC
6.5 May 20

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 6.5), th

CVE-2022-1728 MEDIUM POC
6.5 May 16

Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2

Share

CVE-2022-1290 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy