CVE-2006-6158

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.

Reference

http://secunia.com/advisories/23052
http://secunia.com/advisories/23070
http://secunia.com/advisories/23071
http://securityreason.com/securityalert/1928
http://www.attrition.org/pipermail/vim/2006-November/001148.html
http://www.osvdb.org/30667
http://www.osvdb.org/34034
http://www.securityfocus.com/archive/1/452397/100/0/threaded
http://www.securityfocus.com/bid/21250
http://www.vupen.com/english/advisories/2006/4670
http://www.vupen.com/english/advisories/2006/4671
http://www.vupen.com/english/advisories/2006/4672
https://exchange.xforce.ibmcloud.com/vulnerabilities/30489

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-10-2018 - 21:46

Objavljeno

28-11-2006 - 23:28