CVE-2024-27125
published 2024-09-06CVE-2024-27125: A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to…
medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Helpdesk 3.3.1 and later
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | helpdesk | < 3.3.1 | 3.3.1 |
| qnap_systems_inc | helpdesk | >= 3.3.x < 3.3.1 | 3.3.1 |