{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-22T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23071", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23071"}, {"name": "ADV-2006-4672", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4672"}, {"name": "30667", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/30667"}, {"name": "ADV-2006-4671", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4671"}, {"name": "21250", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21250"}, {"name": "23070", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23070"}, {"name": "20061122 XSS in scriptat support InverseFlow Help Desk v2.31", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452397/100/0/threaded"}, {"name": "ADV-2006-4670", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4670"}, {"name": "34034", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/34034"}, {"name": "pmoshelpdesk-ticketview-xss(30489)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489"}, {"name": "23052", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23052"}, {"name": "20061128 PMOS Help Desk/etc. SQL injection - source verify and more info", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2006-November/001148.html"}, {"name": "1928", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1928"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6158", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23071", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23071"}, {"name": "ADV-2006-4672", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4672"}, {"name": "30667", "refsource": "OSVDB", "url": "http://www.osvdb.org/30667"}, {"name": "ADV-2006-4671", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4671"}, {"name": "21250", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21250"}, {"name": "23070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23070"}, {"name": "20061122 XSS in scriptat support InverseFlow Help Desk v2.31", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452397/100/0/threaded"}, {"name": "ADV-2006-4670", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4670"}, {"name": "34034", "refsource": "OSVDB", "url": "http://www.osvdb.org/34034"}, {"name": "pmoshelpdesk-ticketview-xss(30489)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489"}, {"name": "23052", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23052"}, {"name": "20061128 PMOS Help Desk/etc. SQL injection - source verify and more info", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2006-November/001148.html"}, {"name": "1928", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1928"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:34.881Z"}, "title": "CVE Program Container", "references": [{"name": "23071", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23071"}, {"name": "ADV-2006-4672", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4672"}, {"name": "30667", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/30667"}, {"name": "ADV-2006-4671", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4671"}, {"name": "21250", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21250"}, {"name": "23070", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23070"}, {"name": "20061122 XSS in scriptat support InverseFlow Help Desk v2.31", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452397/100/0/threaded"}, {"name": "ADV-2006-4670", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4670"}, {"name": "34034", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/34034"}, {"name": "pmoshelpdesk-ticketview-xss(30489)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489"}, {"name": "23052", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23052"}, {"name": "20061128 PMOS Help Desk/etc. SQL injection - source verify and more info", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2006-November/001148.html"}, {"name": "1928", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1928"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6158", "datePublished": "2006-11-28T23:00:00.000Z", "dateReserved": "2006-11-28T00:00:00.000Z", "dateUpdated": "2024-08-07T20:19:34.881Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ace_helpdesk:ace_helpdesk:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C067839-F034-4F42-806F-0853111119EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:inverseflow:help_desk:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "3F7E62BB-2848-47BE-A7A9-15B629D272AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pmos_helpdesk:pmos_helpdesk:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "4CEE7928-7568-4637-8297-B1F285AEBCD7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (a) PMOS Help Desk 2.4, antiguamente (b) InverseFlow Help Desk 2.31 y tambi\u00e9n vendido como (c) Ace Helpdesk 2.31, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante los par\u00e1metros (1) email o id a ticketview.php, o el (2) par\u00e1metro email a ticket.php."}], "id": "CVE-2006-6158", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-28T23:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23052"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23070"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23071"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1928"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2006-November/001148.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/30667"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/34034"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452397/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21250"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4670"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4671"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4672"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2006-November/001148.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/34034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452397/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21250"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4672"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}