Blind XSS via Suspended Ticket Recovery
High
Zendesk
Team Summary
Official summary from Zendesk
A cross-site scripting (XSS) vulnerability was reported to us. We validated the issue, investigated to ensure it wasn't exploited, and implemented a remediation to all customers. Big thanks to @trimatra-sec who was a pleasure to work with!
Reported by: trimatra-sec
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Cross-site Scripting (XSS) - Reflected