Vulnerabilities > Deskpro

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-21	CVE-2021-35391	Server-Side Request Forgery (SSRF) vulnerability in Deskpro 2021.21.6 Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL. network low complexity deskpro CWE-918	7.2
2021-09-08	CVE-2021-36695	Cross-site Scripting vulnerability in Deskpro 2021.1.6 Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation. network deskpro CWE-79	3.5
2021-09-07	CVE-2021-36696	Cross-site Scripting vulnerability in Deskpro 2021.1.6 Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation. network deskpro CWE-79	3.5
2021-05-12	CVE-2020-28722	Cross-site Scripting vulnerability in Deskpro Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting (XSS) vulnerability that can lead to an account takeover via custom email templates. network deskpro CWE-79	3.5
2020-04-01	CVE-2020-11467	Incorrect Permission Assignment for Critical Resource vulnerability in Deskpro An issue was discovered in Deskpro before 2019.8.0. network low complexity deskpro CWE-732	6.5
2020-04-01	CVE-2020-11466	Information Exposure vulnerability in Deskpro An issue was discovered in Deskpro before 2019.8.0. network low complexity deskpro CWE-200	4.0
2020-04-01	CVE-2020-11465	Improper Privilege Management vulnerability in Deskpro An issue was discovered in Deskpro before 2019.8.0. network low complexity deskpro CWE-269	6.5
2020-04-01	CVE-2020-11464	Information Exposure vulnerability in Deskpro An issue was discovered in Deskpro before 2019.8.0. network low complexity deskpro CWE-200	4.0
2020-04-01	CVE-2020-11463	Improper Privilege Management vulnerability in Deskpro An issue was discovered in Deskpro before 2019.8.0. network low complexity deskpro CWE-269	5.0
2007-04-12	CVE-2007-2011	HTML Injection vulnerability in Deskpro 2.0.1 Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. network deskpro	4.3

Vulnerabilities > Deskpro {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Deskpro"}]}

Vulnerabilities > Deskpro