BDSA-2020-4151 |
|
Medium |
Feb 08, 2021 |
Support Incident Tracker is vulnerable to SQL injection (SQLi) due to a lack of sufficient sanitization of user-supplied input.
An attacker could use this issue to execute arbitrary SQL commands in order to extract potentially sensitive information from the database.
|
|
BDSA-2020-4147 |
|
Medium |
Feb 05, 2021 |
Support Incident Tracker is vulnerable to a cross-site scripting (XSS) issue due to how the `search_id` parameter present in the `search_incidents_advanced.php` page is mishandled.
This could allow an attacker to inject arbitrary web scripts in order to steal a victim user's session tokens, cookies, or other information.
|
|
BDSA-2020-4146 |
|
Medium |
Feb 05, 2021 |
Support Incident Tracker is vulnerable to a cross-site scripting (XSS) issue due to how the `Load Plugins` parameter present in the `config.php` file is mishandled.
This could allow an attacker to inject arbitrary web scripts in order to steal a victim user's session tokens, cookies, or other information. The script payload can execute on the `about.php` page.
|
|
BDSA-2020-4145 |
|
Medium |
Feb 05, 2021 |
Support Incident Tracker is vulnerable to a cross-site scripting (XSS) issue due to how the `Short Application Name` and `Application Name` parameters present in the `config.php` file are mishandled.
This could allow an attacker to inject arbitrary web scripts in order to steal a victim user's session tokens, cookies, or other information.
|
|
BDSA-2020-4141 |
|
Medium |
Feb 05, 2021 |
Support Incident Tracker is vulnerable to a cross-site scripting (XSS) issue due to how the `id` parameter is mishandled.
This could allow an attacker to inject arbitrary web scripts in order to steal a victim user's session tokens, cookies, or other information.
|
|