CVE-2019-25263
Persistent XSS in Zendesk SweetHawk Survey 1.6 via Ticket Submissions
Publication date: 2026-02-03
Last updated on: 2026-02-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zendesk | sweethawk_survey | to 1.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
[{'type': 'paragraph', 'content': 'The persistent cross-site scripting (XSS) vulnerability in Zendesk SweetHawk Survey 1.6 allows attackers to inject malicious scripts that execute in the browsers of users viewing affected survey pages. This can lead to unauthorized access to sensitive information, session hijacking, and data theft, which may compromise the confidentiality and integrity of user data.'}, {'type': 'paragraph', 'content': "Such compromises can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require organizations to protect personal and sensitive data from unauthorized access and breaches. The vulnerability's potential to expose or manipulate user data could result in violations of these standards, leading to legal and regulatory consequences."}] [1, 2]
Can you explain this vulnerability to me?
CVE-2019-25263 is a persistent cross-site scripting (XSS) vulnerability found in Zendesk SweetHawk Survey version 1.6 and earlier. It allows attackers to inject malicious scripts into support ticket submissions by embedding XSS payloads, such as script tags, within the ticket text.
These malicious scripts then automatically execute when other users load the survey pages, potentially compromising the confidentiality and integrity of the application.
How can this vulnerability impact me? :
This vulnerability enables attackers to execute arbitrary JavaScript code in the browsers of users who visit the affected survey pages without requiring any user interaction.
- Attackers can hijack user sessions.
- Attackers can steal sensitive data.
- It can lead to unauthorized actions performed on behalf of users.
- Overall, it poses a medium severity threat to the confidentiality and integrity of the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by submitting test payloads containing common XSS scripts, such as <script>alert(1);</script>, through Zendesk support ticket submissions and then observing if the payload executes when the survey pages are loaded.
Since the vulnerability involves persistent cross-site scripting via ticket text, detection involves monitoring ticket submissions for suspicious script tags or payloads and verifying if these scripts execute in the survey page context.
No specific network or system commands are provided in the available resources for automated detection.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of Zendesk SweetHawk Survey version 1.6 or earlier until a patch or update is available.
Additionally, monitor and sanitize all support ticket inputs to prevent injection of malicious scripts.
Implement web application firewall (WAF) rules to detect and block common XSS payloads in ticket submissions.
Restrict privileges and user interactions where possible to limit the impact of potential exploitation.