Zucchetti Helpdeskadvanced — known CVE vulnerabilities
Every CVE whose affected-product data names Zucchetti Helpdeskadvanced, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2023-42228 — CVSS 8.8 (high): Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL…
CVE-2023-42231 — CVSS 8.1 (high): Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users…
CVE-2023-42226 — CVSS 7.5 (high): Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function.
CVE-2023-42227 — CVSS 7.5 (high): Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.
CVE-2023-42232 — CVSS 7.5 (high): Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.
CVE-2023-42225 — CVSS 7.5 (high): Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.
CVE-2023-42229 — CVSS 6.5 (medium): Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via…
CVE-2023-42230 — CVSS 6.1 (medium): Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function.
CVE-2023-42233 — CVSS 6.1 (medium): Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function.
CVE-2023-42234 — CVSS 5.4 (medium): Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.