| ID |
CVE-2006-6158
|
| Summary |
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:ace_helpdesk:ace_helpdesk:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ace_helpdesk:ace_helpdesk:2.3.1:*:*:*:*:*:*:*
-
cpe:2.3:a:inverseflow:help_desk:2.31:*:*:*:*:*:*:*
cpe:2.3:a:inverseflow:help_desk:2.31:*:*:*:*:*:*:*
-
cpe:2.3:a:pmos_helpdesk:pmos_helpdesk:2.4:*:*:*:*:*:*:*
cpe:2.3:a:pmos_helpdesk:pmos_helpdesk:2.4:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 6.8 (as of 17-10-2018 - 21:46) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bid | 21250 | | bugtraq | 20061122 XSS in scriptat support InverseFlow Help Desk v2.31 | | osvdb | | | secunia | | | sreason | 1928 | | vim | 20061128 PMOS Help Desk/etc. SQL injection - source verify and more info | | vupen | - ADV-2006-4670
- ADV-2006-4671
- ADV-2006-4672
| | xf | pmoshelpdesk-ticketview-xss(30489) |
|
| Last major update |
17-10-2018 - 21:46 |
| Published |
28-11-2006 - 23:28 |
| Last modified |
17-10-2018 - 21:46 |
