Vulnerabilities > Uvdesk

DATE CVE VULNERABILITY TITLE RISK
2023-10-23 CVE-2023-37635 Improper Restriction of Excessive Authentication Attempts vulnerability in Uvdesk Community-Skeleton 1.1.1
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.
network
low complexity
uvdesk CWE-307
critical
9.8
2023-04-04 CVE-2023-0265 Unrestricted Upload of File with Dangerous Type vulnerability in Uvdesk Community-Skeleton 1.1.1
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server.
network
low complexity
uvdesk CWE-434
8.8
2023-04-04 CVE-2023-0325 Cross-site Scripting vulnerability in Uvdesk Community-Skeleton 1.1.1
Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application.
network
low complexity
uvdesk CWE-79
6.1
2023-03-06 CVE-2023-1197 Unspecified vulnerability in Uvdesk Community-Skeleton
Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.
network
low complexity
uvdesk
4.8