Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote malicious users to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ace helpdesk ace helpdesk 2.3.1 |
||
inverseflow help desk 2.31 |
||
pmos helpdesk pmos helpdesk 2.4 |