CVE-2006-4884
IDevSpot iSupport 1.8 - Cross-Site Scripting via suser, ticket_id, or cons_page_title Parameter
Title source: llm
Exploitation Summary
EIP tracks 3 public exploits for CVE-2006-4884. PoCs published by s3rv3r_hack3r.
AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in IDevSpot iSupport version 1.8. It outlines the vulnerability's impact and provides a sample exploit URL but lacks executable code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Exploits (3)
The provided text describes a cross-site scripting (XSS) vulnerability in IDevSpot iSupport version 1.8. It outlines the vulnerability's impact and provides a sample exploit URL but lacks executable code.
The provided text describes a cross-site scripting (XSS) vulnerability in IDevSpot iSupport version 1.8. The vulnerability arises from insufficient sanitization of user-supplied data, allowing attackers to inject malicious scripts via the 'ticket_id' parameter in the URL.
The provided text describes a cross-site scripting (XSS) vulnerability in IDevSpot iSupport version 1.8, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject malicious scripts via the 'cons_page_title' parameter.