Описание
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ace_helpdesk:ace_helpdesk:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:inverseflow:help_desk:2.31:*:*:*:*:*:*:*
cpe:2.3:a:pmos_helpdesk:pmos_helpdesk:2.4:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01463
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
EPSS
Процентиль: 81%
0.01463
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other