Vulnerability Database

321,822

Total vulnerabilities in the database

CVE-2019-25263

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users.

Published: Feb 3, 2026
Updated: Feb 4, 2026
CVE: CVE-2019-25263
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.4
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://sweethawk.co/zendesk/survey-app
https://www.exploit-db.com/exploits/47781
https://www.vulncheck.com/advisories/zendesk-app-sweethawk-survey-persistent-cross-site-scripting
https://www.zendesk.com/apps/support/survey/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo