CVE-2019-25263 MEDIUM

CVE-2019-25263: Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting

Vendor Sweethawk

Product Zendesk App SweetHawk Survey

Weakness CWE-79 · XSS

Published February 3, 2026

Last update February 4, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users.

Key dates

02Disclosure timeline

February 3, 2026 CVE published

February 4, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25263 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-8216 Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CVE-2023-6896 SourceCodester Simple Image Stack Website cross site scripting CVE-2025-30799 WordPress WP Google Street View plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability CVE-2024-26156 ETIC Telecom Remote Access Server (RAS) Cross-site Scripting CVE-2025-1405 Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode