Skip to main content

Destekz

2 CVEs product

Monthly

CVE-2026-4322 MEDIUM This Month

Reflected XSS in Destekz (all versions through 02062026) enables unauthenticated remote attackers to inject and execute arbitrary JavaScript in victim browsers by delivering crafted URLs containing unsanitized input. The CVSS scope change (S:C) confirms that successful exploitation can affect resources beyond the vulnerable application itself, such as the victim's browser session context. Critically, the vendor Raera has confirmed the product is end-of-life and unsupported, meaning no patch will ever be released and all deployed instances are permanently vulnerable. No public exploit code or CISA KEV listing has been identified at time of analysis.

XSS Destekz
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-4321 CRITICAL Act Now

SQL injection in Raera's Destekz support/help-desk application (all versions through 02062026) allows remote attackers to inject arbitrary SQL via unsanitized input, per the CVSS:3.1/AV:N/AC:L/PR:N/UI:N vector indicating unauthenticated network exploitation. TR-CERT rates this critical (9.8) with full confidentiality, integrity, and availability impact, meaning an attacker can read, modify, or destroy backend database contents. No public exploit identified at time of analysis, but the vendor has confirmed the product is no longer supported, so no fix will be issued.

SQLi Destekz
NVD
CVSS 3.1
9.8
EPSS
0.3%
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected XSS in Destekz (all versions through 02062026) enables unauthenticated remote attackers to inject and execute arbitrary JavaScript in victim browsers by delivering crafted URLs containing unsanitized input. The CVSS scope change (S:C) confirms that successful exploitation can affect resources beyond the vulnerable application itself, such as the victim's browser session context. Critically, the vendor Raera has confirmed the product is end-of-life and unsupported, meaning no patch will ever be released and all deployed instances are permanently vulnerable. No public exploit code or CISA KEV listing has been identified at time of analysis.

XSS Destekz
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in Raera's Destekz support/help-desk application (all versions through 02062026) allows remote attackers to inject arbitrary SQL via unsanitized input, per the CVSS:3.1/AV:N/AC:L/PR:N/UI:N vector indicating unauthenticated network exploitation. TR-CERT rates this critical (9.8) with full confidentiality, integrity, and availability impact, meaning an attacker can read, modify, or destroy backend database contents. No public exploit identified at time of analysis, but the vendor has confirmed the product is no longer supported, so no fix will be issued.

SQLi Destekz
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy