Published: 04/10/2002 Updated: 05/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote malicious users to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited.

Vulnerable Product	Search on Vulmon	Subscribe to Product
luis bernardo myhelpdesk

source: wwwsecurityfocuscom/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks MyHelpDesk does not properly sanitize HTML tags from form fields Attackers may pass arbitrary HTML and script code through the unsanitized form fields or through parameters specified via URL The attacker-supplied HTML ...

source: wwwsecurityfocuscom/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks Attackers may exploit this vulnerability by constructing a link to a vulnerable scripts, passing malicious HTML code as a value for unsanitized CGI parameters If the link is sent to a MyHelpDesk user and clicked on, th ...

NVD-CWE-Other http://www.securityfocus.com/bid/4967 http://www.securityfocus.com/bid/4970 http://www.iss.net/security_center/static/9319.php http://www.iss.net/security_center/static/9320.php http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html https://nvd.nist.gov https://www.exploit-db.com/exploits/21519/

CVE-2002-0931

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect