Vision Helpdesk v3.8.6 vulnerabilities

Vision Helpdesk is a web-based helpdesk application that lets you manage support for multiple companies in one place. Staff users can manage all companies' tickets from a single portal, while each company has its own client interface. This allows easy management of all tickets in one place.

Recently, a few vulnerabilities were discovered in Vision Helpdesk version 3.8.6, as follows:

[1] Vision HelpDesk – Add Contact Input Validation Failure.

There is an input validation vulnerability within the add contact function that could allow a malicious user to hijack any other account.

[2] Vision HelpDesk – Profile Input Validation Failure.

There is an input validation vulnerability within the profile function that could allow a malicious user to hijack any other account.

[3] Vision HelpDesk – XSS Admin Hijack.

There is an XSS vulnerability that would allow a malicious user to obtain the admin session cookie, which could then be used to hijack access to the panel.

Due to the nature of the vulnerabilities, they were rated high. To address the Vision Helpdesk v3.8.6 vulnerabilities, Vision Helpdesk has released a new version, v3.8.8.

If you are using an older version, it is strongly recommended that you upgrade to the latest version as soon as possible.

Posted in Security.