mods-for-hesk CVE Vulnerabilities & CVE List (3)

Products (CPE): — CVEs: 3

mods-for-hesk vulnerability overview

Aggregates CVE and security vulnerability intelligence across all mods-for-hesk-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk sql injection and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise and vendor impact data exposure.

Vulnerability distribution trend (last 24 months)

Showing 13 of 3 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2020-13994 An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. [email protected] 8.8 7.36% 2020-07-09 2026-06-16
CVE-2020-13993 An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. [email protected] 7.5 2.05% 2020-07-09 2026-06-16
CVE-2020-13992 An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket. [email protected] 6.1 1.21% 2020-07-09 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence