Vulnerability Description
Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vanillasoft | Vanillasoft Helpdesk | 2005 |
References
- http://pridels0.blogspot.com/2006/06/vanillasoft-helpdesk-xss-vuln.html
- http://secunia.com/advisories/20544Vendor Advisory
- http://securitytracker.com/id?1016254
- http://www.securityfocus.com/bid/18368
- http://www.vupen.com/english/advisories/2006/2247
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27020
- http://pridels0.blogspot.com/2006/06/vanillasoft-helpdesk-xss-vuln.html
- http://secunia.com/advisories/20544Vendor Advisory
- http://securitytracker.com/id?1016254
- http://www.securityfocus.com/bid/18368
- http://www.vupen.com/english/advisories/2006/2247
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27020
FAQ
What is CVE-2006-2990?
CVE-2006-2990 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
How severe is CVE-2006-2990?
CVE-2006-2990 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2990?
Check the references section above for vendor advisories and patch information. Affected products include: Vanillasoft Vanillasoft Helpdesk.