Lucene search

[email protected]CVE-2006-4884

HistorySep 19, 2006 - 9:07 p.m.

CVE-2006-4884

2006-09-1921:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4884

idevspot isupport 1.8

xss vulnerabilities

remote attackers

web script

html

suser parameter

ticket_id parameter

cons_page_title parameter

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

CPENameOperatorVersion
idevspot:isupportidevspot isupporteq1.8

CPE	Name	Operator	Version
idevspot:isupport	idevspot isupport	eq	1.8

References

www.securityfocus.com/bid/19963

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.1%

JSON