Metric | Value |
---|---|
AI Score | 6 (Medium) |
AI Score Confidence | High |
CVSS2 | 3.5 (Low) |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
EPSS | 0.001 (Low) |
EPSS Percentile | 47.1% |

Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit.
CPE | Name | Operator | Version |
---|---|---|---|
layton_technology:helpbox | layton technology helpbox | eq | 3.7.1 |
secunia.com/advisories/27699
secunia.com/secunia_research/2007-94/advisory/
www.securityfocus.com/bid/27187
exchange.xforce.ibmcloud.com/vulnerabilities/39537
exchange.xforce.ibmcloud.com/vulnerabilities/39540
exchange.xforce.ibmcloud.com/vulnerabilities/39541
exchange.xforce.ibmcloud.com/vulnerabilities/39542
exchange.xforce.ibmcloud.com/vulnerabilities/39543