Lucene search

MitreCVE-2006-4884

HistorySep 19, 2006 - 9:07 p.m.

CVE-2006-4884

2006-09-1921:07:00

mitre

web.nvd.nist.gov

cve-2006-4884

idevspot isupport 1.8

xss vulnerabilities

remote attackers

web script

html

suser parameter

ticket_id parameter

cons_page_title parameter

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

61.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Affected configurations

Nvd

Node

idevspotisupportMatch1.8

VendorProductVersionCPE
idevspotisupport1.8cpe:2.3:a:idevspot:isupport:1.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
idevspot	isupport	1.8	cpe:2.3:a:idevspot:isupport:1.8:::::::*

References

www.securityfocus.com/bid/19963

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

61.3%

JSON

Related for CVE-2006-4884