← Back

Helpspot

helpspot

Vendor: Userscape • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-16756
1Userscape
1Helpspot
Nov 21, 2024
Feb 19, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the passwor...Show more
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.Show less
CVE-2017-16755
1Userscape
1Helpspot
Nov 21, 2024
Feb 19, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when the return link is cl...Show more
An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when the return link is clicked.Show less