Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters.
Exploits (1)
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37526
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34390
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24061
Various Sources x_refsource_misc
http://pridels-team.blogspot.com/2007/05/clientexec-xss-vuln.html
Scores
EPSS
0.0046
EPSS Percentile
64.1%
Details
Status
published
Products (1)
clientexec/clientexec
< 3.0_beta2
Published
May 22, 2007
Tracked Since
Feb 18, 2026