Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ace Helpdesk | Ace Helpdesk | 2.3.1 |
| Inverseflow | Help Desk | 2.31 |
| Pmos Helpdesk | Pmos Helpdesk | 2.4 |
References
- http://secunia.com/advisories/23052Vendor Advisory
- http://secunia.com/advisories/23070Vendor Advisory
- http://secunia.com/advisories/23071
- http://securityreason.com/securityalert/1928
- http://www.attrition.org/pipermail/vim/2006-November/001148.html
- http://www.osvdb.org/30667
- http://www.osvdb.org/34034
- http://www.securityfocus.com/archive/1/452397/100/0/threaded
- http://www.securityfocus.com/bid/21250
- http://www.vupen.com/english/advisories/2006/4670
- http://www.vupen.com/english/advisories/2006/4671
- http://www.vupen.com/english/advisories/2006/4672
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30489
- http://secunia.com/advisories/23052Vendor Advisory
- http://secunia.com/advisories/23070Vendor Advisory
FAQ
What is CVE-2006-6158?
CVE-2006-6158 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrar...
How severe is CVE-2006-6158?
CVE-2006-6158 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6158?
Check the references section above for vendor advisories and patch information. Affected products include: Ace Helpdesk Ace Helpdesk, Inverseflow Help Desk, Pmos Helpdesk Pmos Helpdesk.