Vulnerability Description
Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oneorzero | Oneorzero Helpdesk | 1.6.4.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/38215
- http://osvdb.org/38836
- http://secunia.com/advisories/27415Vendor Advisory
- http://securityreason.com/securityalert/3320
- http://www.securityfocus.com/archive/1/482790/100/0/threaded
- http://www.securityfocus.com/bid/26208
- http://www.securityfocus.com/bid/26217
- http://osvdb.org/38215
- http://osvdb.org/38836
- http://secunia.com/advisories/27415Vendor Advisory
- http://securityreason.com/securityalert/3320
- http://www.securityfocus.com/archive/1/482790/100/0/threaded
- http://www.securityfocus.com/bid/26208
- http://www.securityfocus.com/bid/26217
FAQ
What is CVE-2007-5727?
CVE-2007-5727 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripti...
How severe is CVE-2007-5727?
CVE-2007-5727 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5727?
Check the references section above for vendor advisories and patch information. Affected products include: Oneorzero Oneorzero Helpdesk.