CVE-2007-5727 in OneOrZero Helpdesk

Summary

Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.

Reservation: 10/30/2007
Disclosure: 10/30/2007
Entries: 2
CPE: ready
CWE: CWE-79
CVSS: 4.3
EPSS: 0.00569
CTI: 0.00
