CVE-2006-6158 - Unsegregated Horizon

Description

Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4 formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php or (2) the email parameter to ticket.php.

Reference

http://www.attrition.org/pipermail/vim/2006-November/001148.html http://www.securityfocus.com/bid/21250 http://secunia.com/advisories/23052 http://secunia.com/advisories/23070 http://secunia.com/advisories/23071 http://www.osvdb.org/30667 http://www.osvdb.org/34034 http://securityreason.com/securityalert/1928 http://www.vupen.com/english/advisories/2006/4670 http://www.vupen.com/english/advisories/2006/4671 http://www.vupen.com/english/advisories/2006/4672 https://exchange.xforce.ibmcloud.com/vulnerabilities/30489 http://www.securityfocus.com/archive/1/452397/100/0/threaded