Trudesk
CVE-2022-1290
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
AnalysisAI
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. Affected products include: Trudesk Project Trudesk.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical seve
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical severity (CVSS 9.8)
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. Rated critical severity (CVSS 9.8), this
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. Rated high severity (CVSS 8.8
Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. Rated high severity (CVSS 8.8), this
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. Rated high severity (CVSS 8.1), this vuln
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. Rated high severity
The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can a
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium s
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. Rated medium severity (CVSS 6.5), this vu
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 6.5), th
Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today