CVE-2002-0931
Published: 2002-10-04
Priority: P4 27 (high), CVSS 2.0: 7.5
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.07% (86.0th percentile)
Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allow remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| luis_bernardo | myhelpdesk | <= 2002-05-09 | — |
No detection rules found.
Exploit-DB
MyHelpDesk 20020509 - HTML Injection
exploitdb·2002-06-10
---
source: https://www.securityfocus.com/bid/4967/info
It has been reported that MyHelpDesk is vulnerable to HTML injection attacks.
MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the unsanitized form fields or through parameters specified via URL. The attacker-supplied HTML code will be executed by the web client of users who visit such pages, in the security context of the site running the vulnerable software.
This may potentially be exploited to hijack web content or steal cookie-based authentication credentials from legitimate users.
Alper
Exploit-DB
MyHelpDesk 20020509 - Cross-Site Scripting
exploitdb·2002-06-10
---
source: https://www.securityfocus.com/bid/4970/info
It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks.
Attackers may exploit this vulnerability by constructing a link to a vulnerable script, passing malicious HTML code as a value for unsanitized CGI parameters. If the link is sent to a MyHelpDesk user and clicked on, the attacker-supplied HTML code will run in the context of the site running the vulnerable software.
http://[TARGET]/supporter/index.php?t=tickettime&id= alert(document.cookie)
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html
http://www.iss.net/security_center/static/9319.php
http://www.iss.net/security_center/static/9320.php
http://www.securityfocus.com/bid/4967
http://www.securityfocus.com/bid/4970