CVE-2023-0357

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0357

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0357.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0357

Published

2023-04-04T23:15:07Z

Modified

2025-02-13T19:52:18.360424Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.

References

Affected packages

Git / github.com/helpyio/helpy

Affected ranges

Type: GIT
Repo: https://github.com/helpyio/helpy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c7a58bd5a1bfcf72e29d8308041879148ed200ae

Affected versions

0.*

0.10

0.10.1.1

0.10.2

0.5.0

0.6.0

0.6.1

0.6.2

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1

0.8.2

0.9.0

0.9.1

0.9.2

1.*

1.0

1.0.5

1.1.0

1.2

1.2.0

1.2.1

1.9.9

2.*

2.0.0

2.1.0

2.1.1

2.2.0

2.3.0

2.4.0

2.4.1

2.4.2

2.4.3

2.5.0

2.5.1

2.6.0

2.7.0

2.8.0