CVE-2023-1724
Published 2023-06-24
Priority P4 · 25 · medium · CVSS 3.1: 5.4
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.47% (37.0th percentile)
Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ladybirdweb | faveo_helpdesk | <= 6.0.1 | — |
| ladybirdweb | faveo_helpdesk | — | — |
No detection rules found.
No public exploits indexed.
Talos
## Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGL
blogs_talos · 2023-06-26 · CVSS 8.8 [HIGH]
Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome’s Web Graphics Library (WebGL).
Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that both Google and other software developers use as the basis to build their browsers. This specific vulnerability exists in WebGL, a JavaScript API that renders 2-D and 3-D graphics.
TALOS-2023-1724 (CVE-2023-1531) occurs if the user opens a specially crafted web page in Chrome. That page could trigger a use-after-free condition in the application. Adversaries often leverage use-after-free conditions to corrupt data on the targeted machine or purposefully leak data.
Cisco Talos worked with Google to ensure that this issue is resolved and an update is available