CVE-2007-5176

Name of the Vulnerable Software and Affected Versions GroupLink eHelpDesk version 6.2.2

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the NA DISPLAYNAME parameter in "helpdesk/user/rf create.jsp", and the username and LDAPError parameters in "index2.jsp".

Recommendations For version 6.2.2, consider restricting access to the vulnerable parameters NA DISPLAYNAME, username, and LDAPError in the respective API endpoints until a patch is available. As a temporary workaround, avoid using these parameters in "helpdesk/user/rf create.jsp" and "index2.jsp" to minimize the risk of exploitation.