Cross-Site Scripting Vulnerability in Cerberus Helpdesk by Cerberus
CVE-2006-6366

Currently unrated

Key Information:

Vendor: Cerberus
Status: Helpdesk
Vendor: CVE Published:; 7 December 2006

What is CVE-2006-6366?

A cross-site scripting (XSS) vulnerability exists in Cerberus Helpdesk due to improper validation of user input in the spellcheck feature. This flaw allows remote attackers to inject arbitrary web script or HTML into web pages viewed by users. Specifically, the vulnerability arises from the handling of the 'js' parameter in the 'includes/elements/spellcheck/spellwin.php' file, leading to potential security compromises for affected versions of the product.

References

http://www.vupen.com/english/advisories/2006/4875

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/30719

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/21423

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2006
Vulnerability Reserved
Dec 6, 2006

CVE-2006-6366 Data

JSON