← back
CVE-2002-0931

CVE-2002-0931

EPSS 3.1%
Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/21526unverifiedexploitdbwww.exploit-db.com/exploits/21519unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.htmlhttp://www.iss.net/security_center/static/9319.phphttp://www.iss.net/security_center/static/9320.phphttp://www.securityfocus.com/bid/4967http://www.securityfocus.com/bid/4970