CVE-2006-6159

Published: Nov 28, 2006Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter.

Affected (2)

Products: Deskpro: Deskpro

Deskpro

1 product

Deskpro

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Deskpro Deskpro	Version 2.0.0
Deskpro Deskpro	Version 2.0.1

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (12)

http://secunia.com/advisories/22991

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/30671

Source: cve@mitre.org

http://www.securityfocus.com/bid/21248

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4676

Source: cve@mitre.org

Vendor Advisory

http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/30520

Source: cve@mitre.org

http://secunia.com/advisories/22991