Vulnerabilities > CVE-2005-1672 - Unspecified vulnerability in Ubertec Help Center Live
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities. CVE-2005-1672,CVE-2005-1673,CVE-2005-1674. Webapps exploit for PHP platform |
| id | EDB-ID:43814 |
| last seen | 2018-01-24 |
| modified | 2004-05-17 |
| published | 2004-05-17 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/43814/ |
| title | HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities |
Nessus
| NASL family | CGI abuses |
| NASL id | HCL_MULT_VULNS.NASL |
| description | The remote host is running Help Center Live, a help desk written in PHP that suffers from multiple vulnerabilities: - Multiple SQL Injection Vulnerabilities The application fails in many cases to sanitize user- supplied input before using it in database queries. As long as PHP |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 18296 |
| published | 2005-05-18 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/18296 |
| title | Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF) |