CVE-2006-6159

Name of the Vulnerable Software and Affected Versions DeskPRO versions 2.0.0 through 2.0.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the message or subject parameter in the "newticket.php" file.

Recommendations For DeskPRO versions 2.0.0 through 2.0.1, consider restricting access to the newticket.php file until a patch is available. As a temporary workaround, avoid using the message and subject parameters in the affected file to minimize the risk of exploitation.