XSS in scriptat support InverseFlow Help Desk v2.31

2006.11.30
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

XSS in scriptat support InverseFlow Help Desk v2.31
::::::::::::::::::::::::::::::::::::::::::::::::::::::
Discovered : SwEET-DeViL & viP HaCkEr & HaCkEr sUn
Name scriptat: InverseFlow Help Desk v2.31
tame : AL-garnei K-S-A
::::::::::::::::::::::::::::::::::::::::::::::::::::::
####################################################################
[1] in ticketview.php

http://www.site.com/support_path/ticketview.php?id=[xss]
http://www.site.com/support_path/ticketview.php?email=[xss]
http://www.site.com/support_path/ticketview.php?cmd=deletepost&id=[xss]
http://www.site.com/support_path/ticketview.php?cmd=deletepost&email=[xss]
###################################################################
[2] in ticket.php

http://www.site.com/support_path/ticket.php?email=[xss]
#################################################################
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Greetings to all our friends .. ;
SwEET-DeViL Mail is gamr-14 (at) hotmail (dot) com or m-0-t (at) hotmail (dot) com
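
For defenders running this version, the parameters listed above can be watched in web server access logs. The script below is an added example, not part of the original advisory or the product's code; it flags requests to ticketview.php and ticket.php whose id or email value does not look like a plain ticket number or e-mail address. The validation patterns, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory lists as reflected, per script.
AFFECTED = {
    "ticketview.php": ("id", "email"),
    "ticket.php": ("email",),
}

# Assumed shapes of legitimate values (not taken from the product's source).
VALIDATORS = {
    "id": re.compile(r"\d{1,10}"),
    "email": re.compile(r"[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9.-]{1,255}"),
}

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for values that fail validation."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    hits = []
    # parse_qs percent-decodes, so encoded markup is checked in decoded form.
    query = parse_qs(url.query)
    for param in AFFECTED.get(script, ()):
        for value in query.get(param, []):
            if not VALIDATORS[param].fullmatch(value):
                hits.append((script, param, value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Nov/2006:10:00:01 +0000] "GET /support_path/ticketview.php?id=42&email=user%40example.com HTTP/1.1" 200 5120',
    '192.0.2.11 - - [30/Nov/2006:10:00:05 +0000] "GET /support_path/ticketview.php?cmd=deletepost&id=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5200',
    '192.0.2.12 - - [30/Nov/2006:10:00:09 +0000] "GET /support_path/ticket.php?email=%3Ci%3Ey%3C%2Fi%3E HTTP/1.1" 200 4100',
    '192.0.2.13 - - [30/Nov/2006:10:00:12 +0000] "GET /support_path/index.php?id=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for script, param, value in suspicious_params(line):
            print(f"{script}: parameter {param!r} carries unexpected value {value!r}")
```

The same allow-list idea applies server-side: values that fail these checks should be rejected or HTML-encoded before they are written back into the page.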



Copyright 2017, cxsecurity.com

 
