Vulnerabilities > Ladybirdweb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-24 | CVE-2023-1724 | Cross-site Scripting vulnerability in Ladybirdweb Faveo Helpdesk Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. | 5.4 |
2023-03-24 | CVE-2023-24625 | Authorization Bypass Through User-Controlled Key vulnerability in Ladybirdweb Faveo Servicedesk 5.0.1 Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack. | 6.5 |
2017-04-06 | CVE-2017-7571 | Cross-Site Request Forgery (CSRF) vulnerability in Ladybirdweb Faveo Helpdesk 1.9.3 public/rolechangeadmin in Faveo 1.9.3 allows CSRF. | 6.0 |