uvdesk/community-skeleton
Packagist
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting uvdesk/community-skeleton
- CVE-2023-0265 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-04
vulnerable: v1.0.0 ... v1.1.1 (19 versions)
Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.
- CVE-2023-0325 | MEDIUM | CVSS 6.1 | EG 6.1 | 2023-04-04
vulnerable: v1.0.0 ... v1.1.1 (19 versions)
Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.
- CVE-2023-1197 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 1.1.0 | 2023-03-06
vulnerable: v1.0.0 ... v1.0.9 (17 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.