Chris Brame - Security Researcher - Exploit Intelligence Platform

CVE-2022-1044 WRITEUP MEDIUM WRITEUP

GitHub polonel/trudesk <1.2.1 - Info Disclosure

Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.

CVSS 6.5

View Code

CVE-2022-1045 WRITEUP MEDIUM WRITEUP

trudesk < 1.2.0 - Stored Cross-Site Scripting via SVG File Upload

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.

CVSS 5.4

View Code

CVE-2022-1290 WRITEUP MEDIUM WRITEUP

trudesk < 1.2.0 - Stored Cross-Site Scripting in Name, Group Name, and Title Fields

Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.

CVSS 5.4

View Code

CVE-2022-2128 WRITEUP CRITICAL WRITEUP

GitHub polonel/trudesk <1.2.4 - File Injection

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.

CVSS 9.8

View Code