QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-4047

Back to search

CVE-2009-4047

Published: Nov 23, 2009

Modified: Sep 16, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to solic_display.php; (7) the PATH_INFO to area_list.php; (8) the q_registros parameter to area_list.php; (9) the PATH_INFO to atributo.php; the (10) pagina, (11) q_registros, and (12) orden parameters to atributo_list.php; (13) an arbitrary parameter name beginning with "sentido" to atributo_list.php; and (14) the PATH_INFO to caso_insert.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

VendorProductVersions

n/a

n/a

affected
n/a

References

60088
vdb-entry
x_refsource_OSVDB
60090
vdb-entry
x_refsource_OSVDB
37375
third-party-advisory
x_refsource_SECUNIA
60086
vdb-entry
x_refsource_OSVDB
37029
vdb-entry
x_refsource_BID
60087
vdb-entry
x_refsource_OSVDB
60089
vdb-entry
x_refsource_OSVDB
60085
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now