ActivDesk 3.0 multiple security vulnerabilities

There are multiple security vulnerabilities in ActivDesk 3.0 which may allow an attacker to take control of the software.

Software

Software Link: ActivDesk

Vulnerable Version: <= 3.0

Vendor Notification: 2011-06-24 - Ticket# 67120010491

Vulnerabilities

# Cross-Site Scripting (XSS) # <= 3.0 # Unpatched

# Blind SQL Injection # <= 3.0 # Unpatched

Reference

# OWASP: Cross-Site Scripting (XSS)

# OWASP: Blind SQL Injection

Appendix

[TXT] ActivDesk 3.0 multiple security vulnerabilities