CVE-2023-1724: Faveo Helpdesk Enterprise 6.0.1 - Privilege Escalation via Stored XSS

7.3 CVSS

Description

Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.

Classification

CVE ID: CVE-2023-1724

CVSS Base Severity: HIGH

CVSS Base Score: 7.3

Affected Products

Vendor: Ladybirdweb

Product: Faveo Helpdesk

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 37.04% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://github.com/ladybirdweb/faveo-helpdesk/
https://fluidattacks.com/advisories/towers/

Timeline