CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40323
https://notcve.org/view.php?id=CVE-2022-40323
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. SysAid Help Desk versiones anteriores a 22.1.65, permite un ataque de tipo XSS en el módulo Password Services, también se conoce como FR# 67241 • https://documentation.sysaid.com/docs/22165-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40322
https://notcve.org/view.php?id=CVE-2022-40322
SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579. SysAid Help Desk versiones anteriores a 22.1.65, permite un ataque de tipo XSS, también se conoce como FR# 66542 y 65579 • https://documentation.sysaid.com/docs/22165-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16958
https://notcve.org/view.php?id=CVE-2019-16958
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. Un vulnerabilidad de tipo Cross-site Scripting (XSS) en SolarWinds Web Help Desk versión 12.7.0, permite al atacante inyectar script web o HTML arbitrario por medio del Location Name • https://www.esecforte.com/cross-site-scripting-vulnerability-with-solarwinds-web-help-desk https://www.solarwinds.com/free-tools/free-help-desk-software • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4716
https://notcve.org/view.php?id=CVE-2007-4716
Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en PHD Help Desk before 1.31 permite a atacantes remotos ejecutar comandos sql de su elección mediante vectores no especificados. • http://secunia.com/advisories/26688 http://sourceforge.net/forum/forum.php?forum_id=731460 http://sourceforge.net/project/shownotes.php?release_id=536503 http://sourceforge.net/project/shownotes.php?release_id=536503&group_id=170208 http://www.osvdb.org/36789 http://www.securityfocus.com/bid/25517 http://www.vupen.com/english/advisories/2007/3039 https://exchange.xforce.ibmcloud.com/vulnerabilities/36431 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 2%CPEs: 3EXPL: 2CVE-2006-6158 – PMOS Help Desk 2.3 - 'ticket.php?email' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6158
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (a) PMOS Help Desk 2.4, antiguamente (b) InverseFlow Help Desk 2.31 y también vendido como (c) Ace Helpdesk 2.31, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) email o id a ticketview.php, o el (2) parámetro email a ticket.php. • https://www.exploit-db.com/exploits/29166 https://www.exploit-db.com/exploits/29165 http://secunia.com/advisories/23052 http://secunia.com/advisories/23070 http://secunia.com/advisories/23071 http://securityreason.com/securityalert/1928 http://www.attrition.org/pipermail/vim/2006-November/001148.html http://www.osvdb.org/30667 http://www.osvdb.org/34034 http://www.securityfocus.com/archive/1/452397/100/0/threaded http://www.securityfocus.com/bid/21250 http://www. •