CVE-2006-6158 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4 formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php or (2) the email parameter to ticket.php.
Reference
http://secunia.com/advisories/23052 http://secunia.com/advisories/23070 http://secunia.com/advisories/23071 http://securityreason.com/securityalert/1928 http://www.attrition.org/pipermail/vim/2006-November/001148.html http://www.osvdb.org/30667 http://www.osvdb.org/34034 http://www.securityfocus.com/archive/1/452397/100/0/threaded http://www.securityfocus.com/bid/21250 http://www.vupen.com/english/advisories/2006/4670 http://www.vupen.com/english/advisories/2006/4671 http://www.vupen.com/english/advisories/2006/4672 https://exchange.xforce.ibmcloud.com/vulnerabilities/30489
Share on: