CVE-2006-6158
6.3 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
89.9%
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as © Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
References
secunia.com/advisories/23052
secunia.com/advisories/23070
secunia.com/advisories/23071
securityreason.com/securityalert/1928
www.attrition.org/pipermail/vim/2006-November/001148.html
www.osvdb.org/30667
www.osvdb.org/34034
www.securityfocus.com/archive/1/452397/100/0/threaded
www.securityfocus.com/bid/21250
www.vupen.com/english/advisories/2006/4670
www.vupen.com/english/advisories/2006/4671
www.vupen.com/english/advisories/2006/4672
exchange.xforce.ibmcloud.com/vulnerabilities/30489
6.3 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
89.9%