2 matches found
CVE-2009-4861
CVE-2009-4861 : A cross-site scripting (XSS) vulnerability in SupportPRO SupportDesk 3.0’s shownews.php allows injecting arbitrary script/HTML via PATH_INFO. Affected component is the shownews.php handling in SupportDesk 3.0; root cause is unvalidated PATH_INFO input leading to script injection. ...
CVE-2005-3839
CVE-2005-3839 describes a cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk. The flaw allows remote attackers to inject arbitrary web script or HTML via the post tickers and view tickets options. Public references consistently identify the issue as an XSS in the web interface, wi...