Community Skeleton

community-skeleton

Vendor: Uvdesk • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-37635 1Uvdesk 1Community Skeleton Nov 21, 2024 Oct 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.
CVE-2023-0325 1Uvdesk 1Community Skeleton Jun 17, 2026 Apr 4, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticke...Show more Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.Show less
CVE-2023-0265 1Uvdesk 1Community Skeleton Jun 17, 2026 Apr 4, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
CVE-2023-1197 1Uvdesk 1Community Skeleton Jun 17, 2026 Mar 6, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.