CVE-2006-6159 - Triste Instances

Description

Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter.

Reference

http://www.securityfocus.com/bid/21248 http://www.osvdb.org/30671 http://secunia.com/advisories/22991 http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt http://www.vupen.com/english/advisories/2006/4676 https://exchange.xforce.ibmcloud.com/vulnerabilities/30520