CVE-2005-3839

Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://pridels0.blogspot.com/2005/11/supportpro-supportdesk-xss-vuln.html
http://secunia.com/advisories/17701
http://www.osvdb.org/21088
http://www.securityfocus.com/bid/15564
http://www.vupen.com/english/advisories/2005/2574
http://pridels0.blogspot.com/2005/11/supportpro-supportdesk-xss-vuln.html
http://secunia.com/advisories/17701
http://www.osvdb.org/21088
http://www.securityfocus.com/bid/15564
http://www.vupen.com/english/advisories/2005/2574

Configurations

Configuration 1 (hide)

cpe:2.3:a:supportpro:supportdesk:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:02

Type	Values Removed	Values Added
References	~~() http://pridels0.blogspot.com/2005/11/supportpro-supportdesk-xss-vuln.html -~~	() http://pridels0.blogspot.com/2005/11/supportpro-supportdesk-xss-vuln.html -
References	~~() http://secunia.com/advisories/17701 -~~	() http://secunia.com/advisories/17701 -
References	~~() http://www.osvdb.org/21088 -~~	() http://www.osvdb.org/21088 -
References	~~() http://www.securityfocus.com/bid/15564 -~~	() http://www.securityfocus.com/bid/15564 -
References	~~() http://www.vupen.com/english/advisories/2005/2574 -~~	() http://www.vupen.com/english/advisories/2005/2574 -

Information

Published : 2005-11-26 22:03

Updated : 2024-11-21 00:02

NVD link : CVE-2005-3839

Mitre link : CVE-2005-3839

CVE.ORG link : CVE-2005-3839

JSON object : View

Products Affected

supportpro

supportdesk

CWE

NVD-CWE-Other

{"id": "CVE-2005-3839", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-11-26T22:03:00.000", "references": [{"url": "http://pridels0.blogspot.com/2005/11/supportpro-supportdesk-xss-vuln.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17701", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21088", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/15564", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2005/2574", "source": "cve@mitre.org"}, {"url": "http://pridels0.blogspot.com/2005/11/supportpro-supportdesk-xss-vuln.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/17701", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/21088", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/15564", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2005/2574", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options."}], "lastModified": "2024-11-21T00:02:50.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:supportpro:supportdesk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7884DE9-DEF7-4EF9-9DA9-BEC781384D2E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}