Zucchetti ≫ Helpdeskadvanced

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function.

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function.

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function.

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function.

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service.