CVE-2023-26982

MEDIUM

Trudesk v1.2.6 - Stored Cross-Site Scripting via Add Tags Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-26982. PoCs published by bypazs.

AI-analyzed exploit summary This repository provides a detailed technical explanation of CVE-2023-26982, a stored XSS vulnerability in Trudesk v1.2.6. It includes the attack vector, payload, and steps to reproduce the vulnerability.

Description

Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.

Exploits (2)

nomisec WRITEUP

by bypazs · poc

https://github.com/bypazs/CVE-2023-26982

View Code ZIP pw:eip

This repository provides a detailed technical explanation of CVE-2023-26982, a stored XSS vulnerability in Trudesk v1.2.6. It includes the attack vector, payload, and steps to reproduce the vulnerability.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Trudesk v1.2.6

Auth required

Prerequisites: Authenticated user with privileges (user, support, or admin) · Access to the ticket creation and tag editing functionality

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WRITEUP

by bypazs · poc

https://github.com/bypazs/Duplicate-of-CVE-2023-26982

View Code ZIP pw:eip

This repository provides a detailed technical explanation of a stored XSS vulnerability in Trudesk version 1.2.6, including attack vectors, affected endpoints, and a payload example. It does not contain functional exploit code but offers a clear walkthrough of the vulnerability.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Trudesk version 1.2.6

Auth required

Prerequisites: Admin privileges on Trudesk · Access to the settings menu

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory

https://github.com/bypazs/CVE-2023-26982

Release Notes

https://github.com/polonel/trudesk/releases/tag/v1.2.6

Product

https://trudesk.io/

Scores

CVSS v3 5.4

EPSS 0.0102

EPSS Percentile 58.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

trudesk_project/trudesk 1.2.6

Published Mar 29, 2023

Tracked Since Feb 18, 2026