Description
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/29165
exploitdb
WRITEUP
VERIFIED
by SwEET-DeViL · text · webapps · php
https://www.exploit-db.com/exploits/29166
References (13)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/30667
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21250
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452397/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/34034
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30489
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-November/001148.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23071
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4672
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4671
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23070
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4670
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23052
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1928
Scores
EPSS
0.0171
EPSS Percentile
82.4%
Details
Status
published
Products (3)
ace_helpdesk/ace_helpdesk
2.3.1
inverseflow/help_desk
2.31
pmos_helpdesk/pmos_helpdesk
2.4
Published
Nov 28, 2006
Tracked Since
Feb 18, 2026