Composer/Uvdesk/Community-Skeleton | GitLab Advisory Database

Uvdesk vulnerable to stored cross-site scripting (XSS)

Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.

Uvdesk remote code execution vulnerability

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.

Advisories for Composer/Uvdesk/Community-Skeleton package