polonel / trudesk
Project repository
Trudesk is an open-source help desk/ticketing solution.
First interaction within: N/A days
Review within: 73 days
Fix within: 56 days
Self XSS in Ticket
Dec 10th 2022
rezaduty
•
pending
XSS in Ticket Tags
Dec 10th 2022
rezaduty
•
pending
XSS in Site Legal Setting Privacy Policy
Dec 10th 2022
rezaduty
•
pending
Path Traversal leads to Delete all system files
Aug 4th 2022
thanhlocstudent
•
pending
Multiple bypass Restricted Upload File to perform Stored XSS
Aug 3rd 2022
thanhlocstudent
•
pending
Multiple Broken Access Controls lead to Website Defacement
Aug 3rd 2022
thanhlocstudent
•
pending
Insecure Direct Object Reference leads to change all User Information
Aug 3rd 2022
thanhlocstudent
•
pending
Stored Cross-Site Scripting (XSS) at Set Site Title
Jun 9th 2022
oldboysonnt
•
pending
Stored Cross-Site Scripting (XSS) at Upload Image Function
Jun 9th 2022
oldboysonnt
•
pending
Incorrect use of privileged APIs to steal victim's account
Jun 19th 2022
lengochoa7112000
•
Critical
•
$12
•
CVE-2022-2023
Unrestricted Upload of File with any dangerous extension
Jun 19th 2022
lengochoa7112000
•
Critical
•
$12
•
CVE-2022-2128
HTML Injection in message
Jun 2nd 2022
lengochoa7112000
•
not applicable
Cross-site Scripting (XSS) - Stored
May 26th 2022
kevin-mizu
•
duplicate
Medium
Incorrect Behavior Make Crash and Can not Access Account
May 30th 2022
lengochoa7112000
•
Critical
•
$10
•
CVE-2022-1947
Send messenger to another user with any sender account
May 30th 2022
lengochoa7112000
•
Critical
•
$10
•
CVE-2022-1931
cross-site scripting (XSS) generic
May 24th 2022
lengochoa7112000
•
duplicate
High
Cross-site Scripting (XSS) - Stored
May 24th 2022
lengochoa7112000
•
not applicable
Meta Data Is Not Stripped From images
May 30th 2022
akshayravic09yc47
•
Medium
•
CVE-2022-1893
Stored XSS in message conversations
May 21st 2022
domiee13
•
duplicate
High
Allocation of Resources Without Limits in
May 30th 2022
akshayravic09yc47
•
High
•
$5
•
CVE-2022-1926
Cross-Site Request Forgery (CSRF)
May 19th 2022
khanhchauminh
•
duplicate
High
Cross-site Scripting (XSS) - Stored in Name field of User Profile
May 19th 2022
khanhchauminh
•
duplicate
Critical
Cross-site Scripting (XSS) - Stored
May 19th 2022
khanhchauminh
•
duplicate
Critical
UI REDRESSING
May 20th 2022
vishalvishw10
•
High
•
$5
•
CVE-2022-1803
No BruteForce Protection
May 18th 2022
vishalvishw10
•
duplicate
High
Stored XSS in accounts/customers
May 18th 2022
vishalvishw10
•
duplicate
High
SESSION DOESN'T EXPIRE AFTER PASSWORD CHANGE
May 17th 2022
vishalvishw10
•
duplicate
High
Weak Password Policy
May 20th 2022
vishalvishw10
•
High
•
$5
•
CVE-2022-1775
Improper Neutralization of HTML tag's in the "Comment" box leads to open redirec...
May 18th 2022
sampritdas8
•
duplicate
Critical
HTML Injection in Ticket
May 18th 2022
vishalvishw10
•
duplicate
High
The trudesk application allows large characters to insert in the input field "Te...
May 17th 2022
vishalvishw10
•
duplicate
High
The trudesk application allows large characters to insert in the input field "Na...
May 20th 2022
vishalvishw10
•
High
•
$5
•
CVE-2022-1754
Insufficient Session Expiration
May 20th 2022
sampritdas8
•
Critical
•
$10
Cross-site Scripting (XSS) - Stored in polonel/trudesk
May 15th 2022
vishalvishw10
•
duplicate
Critical
Stored XSS via messaging functionality
May 15th 2022
nithissh200
•
duplicate
High
Allowing long password leads to denial of service in polonel/trudesk
May 15th 2022
vishalvishw10
•
High
•
$5
•
CVE-2022-1728
Cross-site Scripting (XSS) - Reflected
May 15th 2022
tharunavula
•
duplicate
High
The trudesk application allows large characters to insert in the input field "Fu...
May 14th 2022
akshayravic09yc47
•
High
•
CVE-2022-1718
Improper Privilege Management API V2
May 20th 2022
tienpa99
•
Critical
•
CVE-2022-1770
Unrestricted File Upload and Path Traversal in upload image
May 20th 2022
tienpa99
•
Critical
•
CVE-2022-1752
Register users in spite of Allow User Registration disabled
May 20th 2022
tienpa99
•
High
Stored HTML Injection via Ticket Messages on the https://docker.trudesk.io/messa...
May 18th 2022
thewhiteevil
•
informative
Medium
Reflected XSS on ticket filter function
May 14th 2022
baharuddinzulkifli
•
Medium
•
CVE-2022-1719
Stored XSS via Messages on the https://docker.trudesk.io/messages/6273570c2e35a3...
May 15th 2022
thewhiteevil
•
duplicate
High
Stored XSS via Ticket File Upload part on the https://docker.trudesk.io/
May 12th 2022
thewhiteevil
•
duplicate
High
Stored XSS
Apr 19th 2022
baharuddinzulkifli
•
duplicate
Medium
XSS at chatbox
May 15th 2022
minhnb11
•
duplicate
High
Stored XSS in "Title"
Apr 20th 2022
sampritdas8
•
duplicate
Critical
Stored XSS in "Group Name"
Apr 20th 2022
sampritdas8
•
duplicate
Critical
Stored XSS in "Name", "Group Name" & "Title"
Apr 10th 2022
sampritdas8
•
Critical
•
CVE-2022-1290
Sensitive Data Exposure Due To Insecure Storage Of Profile Image
May 8th 2022
sampritdas8
•
High
•
CVE-2022-1044
Stored XSS via .svg file upload
Apr 10th 2022
sampritdas8
•
Critical
•
CVE-2022-1045
Exposure of Sensitive Information to an Unauthorized Actor
May 20th 2022
1d8
•
High
Generation of Error Message Containing Sensitive Information
May 20th 2022
1d8
•
Medium
Cross-Site Request Forgery (CSRF)
May 20th 2022
1d8
•
Medium
Cross-site Scripting (XSS) - Stored
May 20th 2022
1d8
•
High
Improper Restriction of Excessive Authentication Attempts
May 20th 2022
sudheendra17
•
Medium
Cross-site Scripting (XSS) - Stored
May 14th 2022
govindpalakkal
•
duplicate
High
Cross-site Scripting (XSS) - Stored
May 14th 2022
govindpalakkal
•
duplicate
High
Unrestricted Upload of File with Dangerous Type
Jun 20th 2021
effectrenan
•
High
•
$25
Cross-site Scripting (XSS) - Stored
May 30th 2022
effectrenan
•
High
•
$25
Cross-site Scripting (XSS) - Stored
May 14th 2022
effectrenan
•
not applicable
Cross-site Scripting (XSS) - Stored
May 14th 2022
effectrenan
•
not applicable
Cross-site Scripting (XSS) - Stored
May 14th 2022
nedondev
•
not applicable
Cross-site Scripting (XSS) - Stored
May 14th 2022
nedondev
•
not applicable
Improper Privilege Management
Jun 21st 2021
ranjit-git
•
High
•
$25
Least Privilege Violation
Jun 21st 2021
ranjit-git
•
High
•
$25
Execution with Unnecessary Privileges
May 30th 2022
ranjit-git
•
High
•
$25
•
CVE-2022-1808
Improper Handling of Insufficient Privileges
May 20th 2022
ranjit-git
•
informative
High
Improper Privilege Management
May 14th 2022
ranjit-git
•
not applicable
Improper Privilege Management
May 14th 2022
ranjit-git
•
not applicable
Execution with Unnecessary Privileges
May 14th 2022
ranjit-git
•
not applicable
Cross-site Scripting (XSS) - Stored
Jun 16th 2021
ranjit-git
•
High
•
$25
Improper Privilege Management
May 14th 2022
ranjit-git
•
not applicable
Cross-site Scripting (XSS) - Stored
Jun 15th 2021
ranjit-git
•
Critical
•
$25
Cross-site Scripting (XSS) - Stored
Jun 15th 2021
ranjit-git
•
Critical
•
$25
CRITICAL
$0
HIGH
$0
MEDIUM
$0
LOW
$0