Publish Date: Sept 8, 2022
SummaryWe've identified and fixed multiple issues in Cloud Help Desk. One that could present a stored cross-site scripting (XSS) vulnerability and one HTML injection vulnerability. Areas with vulnerabilities include the Cloud Help Desk "Tickets" page, and Cloud Help Desk emails.
Who’s Affected?At this time we do not believe any user was impacted by this vulnerability.
DetailsThis exploit used a type of cross-site scripting (XSS) called stored XSS. This allows an attacker to inject browser executable code through an input form and have the malicious code execute when someone else views the page. In these cases, an attacker could input malicious code to fields in the ticket content in the Cloud Help Desk. When the attacker’s Cloud Help Desk Tickets page is then viewed by a victim, the malicious code will execute,...