CVE

Id
30722  
CVE No.
CVE-2008-0605  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/article_search_results.asp and the (2) Attach_Id parameter to operator/article/article_attachment.asp. NOTE: for vector 2, the XSS occurs in a forced SQL error message.  
Phase
Assigned (20080205)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
327336 30722 CVE-2008-0605 BUGTRAQ:20080204 [DSECRG-08-011] Astrosoft HelpDesk Multiple XSS  View
327337 30722 CVE-2008-0605 URL:http://www.securityfocus.com/archive/1/archive/1/487487/100/0/threaded  View
327338 30722 CVE-2008-0605 BUGTRAQ:20080214 [DSECRG-08-011  View
327339 30722 CVE-2008-0605 FIX INFORMATION] Astrosoft HelpDesk Multiple XSS  View
327340 30722 CVE-2008-0605 URL:http://www.securityfocus.com/archive/1/archive/1/488107/100/0/threaded  View
327341 30722 CVE-2008-0605 BID:27610  View
327342 30722 CVE-2008-0605 URL:http://www.securityfocus.com/bid/27610  View
327343 30722 CVE-2008-0605 SREASON:3612  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
47378 JVNDB-2008-002688 DivideConcept VHD Web Pack の index.php におけるディレクトリトラバーサルの脆弱性 DivideConcept VHD Web Pack の index.php には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2008-0609 30722 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002688.html  View