CVE-2006-6158

{"id": "CVE-2006-6158", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-11-28T23:28:00.000", "references": [{"url": "http://secunia.com/advisories/23052", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23070", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23071", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1928", "source": "cve@mitre.org"}, {"url": "http://www.attrition.org/pipermail/vim/2006-November/001148.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/30667", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/34034", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/452397/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21250", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4670", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4671", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4672", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (a) PMOS Help Desk 2.4, antiguamente (b) InverseFlow Help Desk 2.31 y tambi\u00e9n vendido como (c) Ace Helpdesk 2.31, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante los par\u00e1metros (1) email o id a ticketview.php, o el (2) par\u00e1metro email a ticket.php."}], "lastModified": "2018-10-17T21:46:59.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ace_helpdesk:ace_helpdesk:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C067839-F034-4F42-806F-0853111119EB"}, {"criteria": "cpe:2.3:a:inverseflow:help_desk:2.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F7E62BB-2848-47BE-A7A9-15B629D272AD"}, {"criteria": "cpe:2.3:a:pmos_helpdesk:pmos_helpdesk:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CEE7928-7568-4637-8297-B1F285AEBCD7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}