Browse all 3 CVE security advisories affecting issuetrak. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Issuetrak is a help desk and issue tracking platform primarily used for managing customer support, IT service management, and internal workflows. Historically, it has been vulnerable to classes including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. While no major public incidents have been widely documented, the three CVEs on record highlight persistent security concerns, particularly around authentication bypass and stored XSS vulnerabilities. These issues typically allow attackers to execute arbitrary code, steal session cookies, or elevate privileges to administrative levels, underscoring the need for rigorous input sanitization and secure coding practices in the application.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2271 | IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp — auditCWE-639 | 7.7 | High | 2025-03-13 |
| CVE-2024-12123 | Unauthorized Modification of Ticket Requester — IssuetrakCWE-472 | 4.3 | - | 2024-12-04 |
| CVE-2024-11479 | Authenticated HTML Injection in Issuetrak Ticket Comment Function — IssuetrakCWE-79 | 4.6 | - | 2024-12-04 |
This page lists every published CVE security advisory associated with issuetrak. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.