CVE-2007-2011

Deskpro - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by John Martinelli · htmlwebappsphp

https://www.exploit-db.com/exploits/29828

View Code ZIP pw:eip

References (7)

[Exploit] http://www.securityfocus.com/bid/23381

[Various Sources] http://john-martinelli.com/work/deskpro.txt

[Third Party Advisory] http://securityreason.com/securityalert/2556

[Vendor Advisory] http://secunia.com/advisories/24844

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/465089/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/34721

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1320

Scores

EPSS 0.0710

EPSS Percentile 91.6%

Details

Status published

Products (1)

deskpro/deskpro 2.0.1

Published Apr 12, 2007

Tracked Since Feb 18, 2026