- Description
- Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php. NOTE: some of these details are obtained from third party information.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:idevspot:isupport:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D31D3E09-AB46-41AF-81A4-CCE3CA6C7C9B",
"versionEndIncluding": "1.8"
},
{
"criteria": "cpe:2.3:a:idevspot:isupport:1.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "61E9972C-8C1A-435A-A905-8D3E03B8167E"
},
{
"criteria": "cpe:2.3:a:idevspot:isupport:1.06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05D0FC32-BE89-4EDE-8DBA-463D7D10FA61"
}
],
"operator": "OR"
}
]
}
]