Vulnerabilities found by WebShield
This page preserves earlier public vulnerability notes published by WebShield. The findings concerned Mirasvit Helpdesk MX versions before 1.5.3 and were referenced as CVE-2017-14320 and CVE-2017-14321 on the original WebShield disclosure page.
The notes below are kept as a concise historical disclosure record.
CVE-2017-14320
Malicious file upload vulnerability in Mirasvit Helpdesk MX.
| Field | Details |
|---|---|
| Affected software | Mirasvit Helpdesk MX, versions before 1.5.3 |
| Vulnerability type | Malicious file upload |
| Summary | Uploaded files were not filtered sufficiently. Although stored files had no extension, an attacker could upload an infected or executable file that an administrator could later download or run. |
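
One way to filter attachments of the kind described in the summary above, shown as an added example that is not WebShield's or Mirasvit's code. The function names, the accepted file types and the size limit are assumptions chosen for illustration.

```python
# Added illustration: allowlist check for helpdesk ticket attachments.
# All names here are hypothetical; this is not Mirasvit's code.
import re

# Content signatures (magic bytes) for the attachment types the desk accepts.
ALLOWED_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}
# Extension aliases that map to the same content type.
ALIASES = {"jpeg": "jpg"}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


def sniff_type(data: bytes):
    """Return the allowlisted type whose signature starts the data, else None."""
    for name, magic in ALLOWED_SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def validate_attachment(filename: str, data: bytes):
    """Return (ok, reason, safe_download_name) for an uploaded attachment."""
    if not data or len(data) > MAX_BYTES:
        return False, "empty or too large", None
    # Use only the final path component and only its last extension.
    base = re.split(r"[\\/]", filename)[-1]
    stem, dot, ext = base.rpartition(".")
    ext = ALIASES.get(ext.lower(), ext.lower())
    if not dot or ext not in ALLOWED_SIGNATURES:
        return False, "extension not allowlisted", None
    detected = sniff_type(data)
    if detected != ext:
        return False, "content does not match extension", None
    # Name offered to the administrator on download: restricted characters,
    # extension taken from the detected content, not from the client.
    safe_stem = re.sub(r"[^A-Za-z0-9_-]", "_", stem)[:64] or "attachment"
    return True, "ok", f"{safe_stem}.{detected}"
```

A signature match only shows how the file begins, so accepted attachments should still be served as downloads rather than rendered inline and passed through malware scanning.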
CVE-2017-14321
Multiple cross-site scripting vulnerabilities in Mirasvit Helpdesk MX.
| Field | Details |
|---|---|
| Affected software | Mirasvit Helpdesk MX, versions before 1.5.3 |
| Vulnerability type | Multiple XSS vulnerabilities |
| Summary | The module did not properly filter user-controlled input, including the customer name and ticket subject. Malicious script content submitted through these fields could be executed in the administrative helpdesk interface. |
Responsible disclosure and security work
WebShield's current work focuses on WordPress hardening, malware cleanup, monitoring and recovery.