Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.Referenceshttp://secunia.com/advisories/36209http://www.exploit-db.com/exploits/9396https://exchange.xforce.ibmcloud.com/vulnerabilities/52361
