trudesk_project CVE 脆弱性と CVE 一覧(20)

製品(CPE): — CVE 件数: 20

trudesk_project 脆弱性概要

trudesk_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk cross-site scripting and vendor risk csrf などに関し、一部は アプリケーションクラッシュ を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 120 / 20 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2021-45785 TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage. [email protected] 6.5 0.25% 2024-06-24 2026-06-17
CVE-2023-26982 Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function. [email protected] 5.4 1.02% 2023-03-29 2026-06-17
CVE-2022-1719 Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page [email protected] 5.4 0.69% 2022-09-28 2026-06-17
CVE-2022-1718 The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service. [email protected] 7.5 0.99% 2022-09-28 2026-06-17
CVE-2022-2128 Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. [email protected] 9.8 2.65% 2022-06-20 2026-06-17
CVE-2022-2023 Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. [email protected] 9.8 2.97% 2022-06-20 2026-06-17
CVE-2022-1947 Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. [email protected] 6.5 1.18% 2022-05-31 2026-06-17
CVE-2022-1893 Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3. [email protected] 4.6 0.77% 2022-05-31 2026-06-17
CVE-2022-1808 Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. [email protected] 8.8 3.36% 2022-05-31 2026-06-17
CVE-2022-1926 Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. [email protected] 4.9 0.90% 2022-05-31 2026-06-17
CVE-2022-1931 Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. [email protected] 8.1 1.95% 2022-05-30 2026-06-17
CVE-2022-1752 Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. [email protected] 8.0 2.21% 2022-05-20 2026-06-17
CVE-2022-1775 Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. [email protected] 9.8 2.10% 2022-05-20 2026-06-17
CVE-2022-1803 Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. [email protected] 6.9 1.53% 2022-05-20 2026-06-17
CVE-2022-1770 Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. [email protected] 8.8 2.39% 2022-05-20 2026-06-17
CVE-2022-1754 Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. [email protected] 6.5 0.98% 2022-05-20 2026-06-17
CVE-2022-1728 Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications. [email protected] 6.5 0.91% 2022-05-16 2026-06-17
CVE-2022-1044 Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. [email protected] 6.5 0.83% 2022-05-12 2026-06-17
CVE-2022-1045 Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. [email protected] 5.4 1.56% 2022-04-11 2026-06-17
CVE-2022-1290 Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. [email protected] 5.4 1.58% 2022-04-10 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence