Cross-Site Scripting vulnerability in HelpDeskZ

Posted date 01/03/2024
3 - Medium
Affected Resources

HelpDeskZ, version 2.0.2 and earlier.


INCIBE has coordinated the publication of 1 medium severity vulnerability, discovered by David Cámara Galindo, affecting HelpDeskZ version 2.0.2 and earlier. HelpDeskZ is PHP-based software that allows website management through ticket allocation.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-2078: 4.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N | CWE-79.

There is no reported solution at this time.


CVE-2024-2078: a Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session.
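
With no fix reported, one defensive check is to audit the values already stored in email fields and to encode them before display. The following is an added example, not HelpDeskZ code or part of the original advisory; the `(id, email)` record layout, the function names and the sample rows are assumptions constructed for illustration.

```python
import html
import re

# Conservative allow-list for an email field: no quoted local parts, no
# whitespace, no HTML metacharacters. Deliberately stricter than RFC 5322.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
HTML_META = set("<>\"'&`")


def check_email(value: str) -> dict:
    """Classify one email-field value and return an HTML-encoded copy."""
    value = value.strip()
    return {
        # Passes only if the whole value matches the allow-list.
        "valid": len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None,
        # Any HTML metacharacter means the value must never be echoed raw.
        "has_markup": any(ch in HTML_META for ch in value),
        # Form that is safe to place in HTML text or a quoted attribute.
        "encoded": html.escape(value, quote=True),
    }


def audit(records):
    """Return the ids of records whose email value needs review."""
    flagged = []
    for rec_id, email in records:
        result = check_email(email)
        if not result["valid"] or result["has_markup"]:
            flagged.append(rec_id)
    return flagged


# Constructed sample rows (id, email); not taken from a real installation.
SAMPLE = [
    (1, "alice@example.com"),
    (2, '"<script>alert(1)</script>"@example.com'),
    (3, "bob+tickets@support.example.org"),
    (4, "carol@example.com<img src=x>"),
]

if __name__ == "__main__":
    for rec_id, email in SAMPLE:
        print(rec_id, check_email(email))
    print("records to review:", audit(SAMPLE))
```

Validation on input narrows what can be stored, but the encoding step at output is what keeps a stored value from being interpreted as markup in another user's browser.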
