Vulnerabilities > Deskpro
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-21 | CVE-2021-35391 | Server-Side Request Forgery (SSRF) vulnerability in Deskpro 2021.21.6 Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL. | 7.2 |
2021-09-08 | CVE-2021-36695 | Cross-site Scripting vulnerability in Deskpro 2021.1.6 Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation. | 3.5 |
2021-09-07 | CVE-2021-36696 | Cross-site Scripting vulnerability in Deskpro 2021.1.6 Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation. | 3.5 |
2021-05-12 | CVE-2020-28722 | Cross-site Scripting vulnerability in Deskpro Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting (XSS) vulnerability that can lead to an account takeover via custom email templates. | 3.5 |
2020-04-01 | CVE-2020-11467 | Incorrect Permission Assignment for Critical Resource vulnerability in Deskpro An issue was discovered in Deskpro before 2019.8.0. | 6.5 |
2020-04-01 | CVE-2020-11466 | Information Exposure vulnerability in Deskpro An issue was discovered in Deskpro before 2019.8.0. | 4.0 |
2020-04-01 | CVE-2020-11465 | Improper Privilege Management vulnerability in Deskpro An issue was discovered in Deskpro before 2019.8.0. | 6.5 |
2020-04-01 | CVE-2020-11464 | Information Exposure vulnerability in Deskpro An issue was discovered in Deskpro before 2019.8.0. | 4.0 |
2020-04-01 | CVE-2020-11463 | Improper Privilege Management vulnerability in Deskpro An issue was discovered in Deskpro before 2019.8.0. | 5.0 |
2007-04-12 | CVE-2007-2011 | HTML Injection vulnerability in Deskpro 2.0.1 Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. network deskpro | 4.3 |