InverseFlow Help Desk Multiple Cross-Site Scripting Vulnerabilities
Info
| Bugtraq ID: | 21250 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 22 2006 12:00AM |
| Updated: | Nov 23 2006 12:30PM |
| Credit: | SwEET-DeViL, ViP HaCkEr and HaCkEr sUn are credited with the discovery of these issues. |
| Vulnerable: | PMOS Helpdesk 2.4, InverseFlow Help Desk 2.31, Ace Helpdesk 2.3.1 |
| Not Vulnerable: | |
Discussion
InverseFlow Help Desk is prone to multiple cross-site scripting vulnerabilities.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Version 2.31 is vulnerable to these issues; other versions may also be affected. Ace Helpdesk and PMOS Helpdesk have also been confirmed to be vulnerable to these issues.
Exploit / POC
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at [email protected]
References
References:
- Ace Helpdesk (Ace Helpdesk)
- PMOS Helpdesk (PMOS Helpdesk)
- Vendor Home Page (Inverseflow)
- XSS in scriptat support InverseFlow Help Desk v2.31 ([email protected])