CVE-2007-1161

Call Center Software 0.93 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/33037

[Exploit] http://www.attrition.org/pipermail/vim/2007-February/001378.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/460797/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/2333

Scores

EPSS 0.0033

EPSS Percentile 55.8%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

call_center_software/call_center_software

Timeline

Published Mar 02, 2007

Tracked Since Feb 18, 2026