CVE-2024-27125 — Vulnetix

CVE-2024-27125 PUBLISHED CVSS 3.5 LOW

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later

EPSS 0.64% · 70.9th percentile

Risk Scores

CVSS v3.1

3.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

EPSS Score

0.64%

70.9th percentile

Affected Products

Vendor	Product	Versions
QNAP Systems Inc.	Helpdesk	3.3.x
qnap	helpdesk	0

Timeline

Sep 6, 2024 CVE Published
Sep 6, 2024 PoC Published
Sep 7, 2024 EPSS Score
Sep 27, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 17, 2024 EPSS Score
Nov 6, 2024 EPSS Score
Nov 26, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 6, 2025 EPSS Score
Jan 26, 2025 EPSS Score
Feb 14, 2025 EPSS Score

References

https://www.qnap.com/go/security-advisory/qsa-24-24 advisory
https://www.qnap.com/go/security-advisory/qsa-24-26 advisory
https://www.qnap.com/go/security-advisory/qsa-24-34 advisory
https://www.qnap.com/go/security-advisory/qsa-24-30 advisory
https://www.qnap.com/go/security-advisory/qsa-24-21 advisory
https://www.qnap.com/go/security-advisory/qsa-24-27 advisory
https://www.qnap.com/go/security-advisory/qsa-24-29 advisory
https://www.qnap.com/go/security-advisory/qsa-24-28 advisory
https://www.qnap.com/go/security-advisory/qsa-24-32 advisory
https://www.qnap.com/go/security-advisory/qsa-24-25 advisory
https://www.qnap.com/go/security-advisory/qsa-24-33 advisory
https://www.qnap.com/go/security-advisory/qsa-24-22 advisory
https://www.qnap.com/go/security-advisory/qsa-24-35 advisory
https://www.qnap.com/en/security-advisory/qsa-24-29 url
https://nvd.nist.gov/vuln/detail/CVE-2024-27125 advisory

Open in Interactive Console →