Vulnerabilities > Wyomind

DATE CVE VULNERABILITY TITLE RISK
2023-03-08 CVE-2021-33351 Cross-site Scripting vulnerability in Wyomind Help Desk
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.
network
low complexity
wyomind CWE-79
critical
9.0
2023-03-08 CVE-2021-33352 Unrestricted Upload of File with Dangerous Type vulnerability in Wyomind Help Desk
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.
network
low complexity
wyomind CWE-434
critical
9.8
2023-03-08 CVE-2021-33353 Path Traversal vulnerability in Wyomind Help Desk
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.
network
low complexity
wyomind CWE-22
critical
9.8