Uvdesk Community-skeleton — known CVE vulnerabilities
Every CVE whose affected-product data names Uvdesk Community-skeleton, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2023-37635 — CVSS 9.8 (critical): UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the…
CVE-2023-0265 — CVSS 8.8 (high): Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application…
CVE-2023-0325 — CVSS 6.1 (medium): Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the…
CVE-2023-1197 — CVSS 4.8 (medium): Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.