CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-5727

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0530%
EPSS Percentile34.45th
Published2007年10月30日
Last Modified2026年4月23日

Vulnerability Description

Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.

Affected Platforms (CPE)

📦
Oneorzero

Oneorzero Helpdesk

= 1.6.4.2
📦
Oneorzero

Oneorzero Helpdesk

= 1.6.5.4

References & Advisories

🔗 http://osvdb.org/38215
🔗 http://osvdb.org/38836
🔗 http://secunia.com/advisories/27415
🔗 http://securityreason.com/securityalert/3320
🔗 http://www.securityfocus.com/archive/1/482790/100/0/threaded
🔗 http://www.securityfocus.com/bid/26208
🔗 http://www.securityfocus.com/bid/26217
🔗 http://osvdb.org/38215

相關漏洞威脅

CVE-2006-54747.5

The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current time...

CVE-2009-08865.0

Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...