CVE-2024-46639

HIGH EPSS 36.7%

Published Sep 23, 20241y ago · Modified Jun 17, 20261w ago

7.6 CVSS 3.1

High

Published Sep 23, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields message box.

CVSS Details

Base Score

7.6

Exploitability

2.8

Impact

4.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity Low

Availability Low

Threat Intelligence

EPSS Exploit Probability

36.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

References 2

gist.github.com https://gist.github.com/0xashfaq/45c3f300d125468161c3fa6e38576769
github.com https://github.com/0xashfaq/-HelpDeskZ-v2.0.2---Stored-Cross-Site-Scripting-XSS-

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.