CVE-2007-4412
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2007-4412
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side."
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Headstart Solutions DeskPRO 多个跨站脚本攻击漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Headstart Solutions DeskPRO 3.0.2版本中存在多个跨站脚本攻击漏洞。远程验证用户,可以借助(1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2007-4412
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2007-4412
Please Login to view more intelligence information
- DeskPRO Admin Panel Multiple HTML Injections - CXSecurity.comthird-party-advisoryx_refsource_SREASON
- https://nvd.nist.gov/vuln/detail/CVE-2007-4412
Same Patch Batch · n/a · 2007-08-18 · 35 CVEs total
| CVE-2007-4416 | BellaBook'captcha.php'权限提升漏洞 | |
| CVE-2007-4407 | Universal Ircd Server 多个远程漏洞 | |
| CVE-2007-4408 | ircu 多个远程漏洞 | |
| CVE-2007-4409 | ircu 竞争状态错误漏洞 | |
| CVE-2007-4410 | Universal Ircd Server 多个远程漏洞 | |
| CVE-2007-4411 | Universal Ircd Server 多个远程漏洞 | |
| CVE-2007-4413 | Headstart Solutions DeskPRO'admincp/user_help.php'直接静态代码注入漏洞 | |
| CVE-2007-4414 | Windows平台的Cisco VPN客户端多个本地权限提升漏洞 | |
| CVE-2007-4415 | Windows平台的Cisco VPN客户端多个本地权限提升漏洞 | |
| CVE-2007-4406 | ircu timestamp服务 权限提升漏洞 | |
| CVE-2007-4417 | IBM DB2 UDB Fixpak配置错误漏洞 | |
| CVE-2007-4418 | IBM DB2 UDB Fixpak 检测权限管理漏洞 | |
| CVE-2007-4419 | Olate Download 'Admin.php'cookie信息泄露漏洞 | |
| CVE-2007-4420 | EDraw Office Viewer 组件 officeviewer.ocx ActiveX控件绝对路径遍历漏洞 | |
| CVE-2007-4421 | Olate Download'Admin.php'SQL注入漏洞 | |
| CVE-2007-4422 | Symantec企业防火墙用户名枚举漏洞 | |
| CVE-2007-4423 | IBM DB2 UDB AUTH_LIST_GROUPS_FOR_AUTHID函数未明漏洞 | |
| CVE-2007-4398 | weechat 脚本now-playing.rb和 xmms.pl多个CRLF注入漏洞 | |
| CVE-2007-4270 | IBM DB2 Universal Database本地用户权限提升漏洞 | |
| CVE-2007-4271 | IBM DB2 Universal Database目录遍历漏洞 |
Showing top 20 of 35 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial - CVE-2026-8225
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_han - CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send - CVE-2026-8222
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_managem
V. Comments for CVE-2007-4412
No comments yet