Published: 19/09/2006 Updated: 05/09/2008

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 445

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote malicious users to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
idevspot isupport 1.8

source: wwwsecurityfocuscom/bid/19963/info IDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user supplied data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks Version 18 is vulnerable; o ...

source: wwwsecurityfocuscom/bid/19963/info IDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user supplied data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks Version 18 is vulnerable; othe ...

source: wwwsecurityfocuscom/bid/19963/info IDevSpot iSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user supplied data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks Version 18 is vulnerable ...

NVD-CWE-Other http://www.securityfocus.com/bid/19963 https://nvd.nist.gov https://www.exploit-db.com/exploits/28516/

CVE-2006-4884

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect