CVE-2006-6158 – PMOS Help Desk 2.3 - 'ticket.php?email' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2006-6158

Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (a) PMOS Help Desk 2.4, antiguamente (b) InverseFlow Help Desk 2.31 y también vendido como (c) Ace Helpdesk 2.31, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) email o id a ticketview.php, o el (2) parámetro email a ticket.php. • https://www.exploit-db.com/exploits/29166 https://www.exploit-db.com/exploits/29165 http://secunia.com/advisories/23052 http://secunia.com/advisories/23070 http://secunia.com/advisories/23071 http://securityreason.com/securityalert/1928 http://www.attrition.org/pipermail/vim/2006-November/001148.html http://www.osvdb.org/30667 http://www.osvdb.org/34034 http://www.securityfocus.com/archive/1/452397/100/0/threaded http://www.securityfocus.com/bid/21250 http://www. •