CyberSec.Space Logo
Back to CVE Browser

CVE-2007-5727

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0530%
EPSS Percentile34.45th
PublishedOct 30, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.

Affected Platforms (CPE)

πŸ“¦
Oneorzero

Oneorzero Helpdesk

= 1.6.4.2
πŸ“¦
Oneorzero

Oneorzero Helpdesk

= 1.6.5.4

References & Advisories

πŸ”— http://osvdb.org/38215
πŸ”— http://osvdb.org/38836
πŸ”— http://secunia.com/advisories/27415
πŸ”— http://securityreason.com/securityalert/3320
πŸ”— http://www.securityfocus.com/archive/1/482790/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/26208
πŸ”— http://www.securityfocus.com/bid/26217
πŸ”— http://osvdb.org/38215

Related Vulnerabilities

CVE-2006-54747.5

The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current time...

CVE-2009-08865.0

Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...