Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/30489
http://www.vupen.com/english/advisories/2006/4672
http://www.vupen.com/english/advisories/2006/4671
http://www.vupen.com/english/advisories/2006/4670
http://www.securityfocus.com/bid/21250
http://www.securityfocus.com/archive/1/452397/100/0/threaded
http://www.attrition.org/pipermail/vim/2006-November/001148.html
http://securityreason.com/securityalert/1928
http://secunia.com/advisories/23071