Hacker Sun

**Name of the Vulnerable Software and Affected Versions** PMOS Help Desk versions 2.4 InverseFlow Help Desk version 2.31 Ace Helpdesk version 2.31 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the `id` or `email` parameter to "ticketview.php", or the `email` parameter to "ticket.php". **Recommendations** For PMOS Help Desk version 2.4, update to a version that fixes the XSS vulnerabilities. For InverseFlow Help Desk version 2.31, update to a version that fixes the XSS vulnerabilities. For Ace Helpdesk version 2.31, update to a version that fixes the XSS vulnerabilities.