CVE-2006-6158

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.attrition.org/pipermail/vim/2006-November/001148.html", "name": "20061128 PMOS Help Desk/etc. SQL injection - source verify and more info", "tags": [], "refsource": "VIM"}, {"url": "http://www.securityfocus.com/bid/21250", "name": "21250", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/23052", "name": "23052", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/23070", "name": "23070", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/23071", "name": "23071", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/30667", "name": "30667", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/34034", "name": "34034", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/1928", "name": "1928", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/4670", "name": "ADV-2006-4670", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4671", "name": "ADV-2006-4671", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4672", "name": "ADV-2006-4672", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489", "name": "pmoshelpdesk-ticketview-xss(30489)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/452397/100/0/threaded", "name": "20061122 XSS in scriptat support InverseFlow Help Desk v2.31", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6158", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-11-28T23:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ace_helpdesk:ace_helpdesk:2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:inverseflow:help_desk:2.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pmos_helpdesk:pmos_helpdesk:2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:46Z"}