CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-5176

Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.3%

CVSS Severity

CVSS v2 Score 4.3

References

http://osvdb.org/37535
http://osvdb.org/37536
http://secunia.com/advisories/26892
http://www.securityfocus.com/bid/25870
https://exchange.xforce.ibmcloud.com/vulnerabilities/36885
https://exchange.xforce.ibmcloud.com/vulnerabilities/36886
http://osvdb.org/37535
http://osvdb.org/37536
http://secunia.com/advisories/26892
http://www.securityfocus.com/bid/25870
https://exchange.xforce.ibmcloud.com/vulnerabilities/36885
https://exchange.xforce.ibmcloud.com/vulnerabilities/36886

Products affected by CVE-2007-5176

Grouplink » Ehelpdesk » Version: 6.2.2

cpe:2.3:a:grouplink:ehelpdesk:6.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-5176

Products

Pricing

Contact Us