CVE-2007-4412 - Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remot

CVE-2007-4412

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side."

References

Vulnerable Configurations

cpe:2.3:a:headstart_solutions:deskpro:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:headstart_solutions:deskpro:3.0.2:*:*:*:*:*:*:*

CVSS

Base:	3.5 (as of 15-10-2018 - 21:35)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:N/I:P/A:N

refmap via4

bid	25325
bugtraq	20070814 DeskPRO Admin Panel Multiple HTML Injections
sreason	3029
xf	deskpro-multiple-admin-xss(36023)

Last major update

15-10-2018 - 21:35

Published

18-08-2007 - 21:17

Last modified

15-10-2018 - 21:35