XSS Vulnerabilities in Popular Helpdesk Software Deskpro

The Florida water supply attack recently showed what can happen when remote access software is compromised.


In the same vein, the Checkmarx research team has discovered vulnerabilities in Deskpro, a multichannel helpdesk solution serving a number of world-leading organizations. The vulnerabilities would have allowed attackers to hijack administrative privileges and eventually execute actions on a victim’s behalf.


According to Checkmarx, "Successful exploitation of the discovered XSS vulnerability could have allowed attackers to hijack the sessions of admins and take over the accounts of helpdesk agents. This would give the attackers the same privileges as admins and agents in terms of what they can execute, or the information they are exposed to. In certain cases, attackers would have been able to reset the helpdesk, wiping all system data."


For more information, please visit the Checkmarx blog: https://www.checkmarx.com/blog/assistance-required-xss-vulnerability-discovered-in-helpdesk-software-solution-deskpro/