Cross-Site Scripting Flaw in PMOS and InverseFlow Help Desk Products
CVE-2006-6158

Currently unrated

Key Information:

Vendor: Ace Helpdesk
Status: Ace Helpdesk; Pmos Helpdesk; Help Desk
Vendor: CVE Published:; 28 November 2006

🔔 Create Ace Helpdesk Vulnerability Alert

What is CVE-2006-6158?

This vulnerability enables remote attackers to exploit multiple cross-site scripting (XSS) flaws in PMOS Help Desk 2.4, InverseFlow Help Desk 2.31, and Ace Helpdesk 2.31. Attackers can inject arbitrary web scripts or HTML through the 'id' or 'email' parameters in ticketview.php, or via the 'email' parameter in ticket.php, potentially leading to unauthorized actions on behalf of users or the exposure of sensitive information.

References

http://secunia.com/advisories/23071

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/4672

vdb-entryx_refsource_VUPEN

http://www.osvdb.org/30667

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2006
Vulnerability Reserved
Nov 28, 2006

CVE-2006-6158 Data

JSON