CVE-2020-28722

• Vulnerability Type: Stored Cross-Site-Scripting (sxss)
• Component: Custom Email-Templates
• Vendor: Deskpro
• Product: Deskpro Cloud Platform and on-premise
• Version: 2020.2.3.48207 from 2020-07-30
• Attacker: a low level authenticated user.
• Impact: an attacker can execute javascript which could lead to account take over.
• Vectors: an attacker just need to create a custom email template with a XSS payload inside it.
  
  
  

  Video PoC

  
  
  

  this is just a PoC, a proper write-up is comming soon

  CVE-2021-36695

  • Vulnerability Type: Stored Cross-Site-Scripting
  • Component: Download File Feature
  • Product: Deskpro Cloud Platform and On-Permise
  • Version: 2021.1.6 from 2021-06-01
  • Attacker: any authenticated non-admin user
  • Impact: an attacker can execute javascript which could leads to privilege escalation
  • Vector: An attacker just need to create a file download link with this payload, "javascript:alert(1)"
  
  
  

  Video PoC

  
  
  
  
  

  CVE-2021-36696

  • Vulnerability Type: Stored Cross-Site-Scripting
  • Component: social media links on profile
  • Product: Deskpro Cloud Platform and On-Premise
  • Version: 2021.1.6 from 2021-06-01
  • Attacker: An unathenticated non-admin user
  • Impact: An attacker can execute javascript on victim's ends which could lead to privilege escalation
  • Vector: An attacker needs to create a social media link on his profile with this xss payload, "javascript:alert(1)"
  
  
  

  Video PoC