CVE-2024-27125 LOW

CVE-2024-27125: Helpdesk

Vendor Qnap Systems Inc.
Product Helpdesk
Weakness CWE-79 · XSS
Published September 6, 2024
Last update September 6, 2024

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later

Key dates

02Disclosure timeline

September 6, 2024 CVE published
September 6, 2024 Record updated