Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS. Referenceshttps://github.com/ladybirdweb/faveo-helpdesk/https://fluidattacks.com/advisories/towers/