CVE-2006-6158
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6 Medium
AI Score
Confidence
High
0.025 Low
EPSS
Percentile
90.1%
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as © Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
Affected configurations
References
secunia.com/advisories/23052
secunia.com/advisories/23070
secunia.com/advisories/23071
securityreason.com/securityalert/1928
www.attrition.org/pipermail/vim/2006-November/001148.html
www.osvdb.org/30667
www.osvdb.org/34034
www.securityfocus.com/archive/1/452397/100/0/threaded
www.securityfocus.com/bid/21250
www.vupen.com/english/advisories/2006/4670
www.vupen.com/english/advisories/2006/4671
www.vupen.com/english/advisories/2006/4672
exchange.xforce.ibmcloud.com/vulnerabilities/30489
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6 Medium
AI Score
Confidence
High
0.025 Low
EPSS
Percentile
90.1%