Call Center Software is "one of the most important aspects of any call help center, being able to track and manage calls can be the key to high customer satisfaction. Our 100% free call center software solution is based on PHP and the MySQL database". A vulnerability in the way Call Center Software handling user provided input allows attackers to insert arbitrary HTML and/or Javascript into the database.
Vulnerable Systems:
* Call Center Software version: 0.93 and prior
Call Center Software allows users to insert a problem description (stored under the 'problem_desc' field) inside the database. This field is a text field, therefore any character can be placed there. If the user inserts HTML and/or Javascript into the description field he can cause the Call Center Software to return this to the user viewing the problem description field which in turn can be used to cause a XSS attack.
