QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-5727

Back to search

CVE-2007-5727

Published: Oct 30, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.

VendorProductVersions

n/a

n/a

affected
n/a

References

38836
vdb-entry
x_refsource_OSVDB
20071022 usd250 helpdesk XSS vulnerabily.
mailing-list
x_refsource_BUGTRAQ
27415
third-party-advisory
x_refsource_SECUNIA
3320
third-party-advisory
x_refsource_SREASON
26208
vdb-entry
x_refsource_BID
38215
vdb-entry
x_refsource_OSVDB
26217
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now