cbcvebase.
CVE-2007-5727
published 2007-10-30

CVE-2007-5727: Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows…

Priority P415, medium 4.3, CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.92% (77.3th percentile)
Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
oneorzero | oneorzero_helpdesk | |
oneorzero | oneorzero_helpdesk | |