Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.
AnalysisAI
Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-425. Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id. Affected products include: Vision Helpdesk. Version information: before 5.7.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
SQL injection in Frappe HelpDesk 1.14.0 dashboard functionality allows authenticated attackers to execute arbitrary SQL
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 buil
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remot
An improper access control vulnerability has been reported to affect QNAP NAS. Rated high severity (CVSS 8.8), this vuln
An improper certificate validation vulnerability has been reported to affect Helpdesk. Rated high severity (CVSS 7.7), t
This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Rated med
GFI HelpDesk before version 4.99.9 allows authenticated staff members to inject persistent JavaScript into ticket subjec
Stored cross-site scripting in GFI HelpDesk before version 4.99.9 allows authenticated staff members to inject arbitrary
Stored cross-site scripting in GFI HelpDesk before version 4.99.10 allows authenticated attackers to inject arbitrary Ja
GFI HelpDesk before version 4.99.9 contains a stored cross-site scripting vulnerability in language management where the
GFI HelpDesk before version 4.99.9 allows authenticated administrators to inject stored cross-site scripting (XSS) paylo
A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. Rated medium severity (CVSS 4.8), this
Same weakness CWE-425 – Direct Request ('Forced Browsing')
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-55551
GHSA-gqwq-8j5x-ghf8