Description
Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by En Douli · textwebappsphp
https://www.exploit-db.com/exploits/29222
References (4)
Core 4
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4875
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30719
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21423
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23193
Scores
EPSS
0.0046
EPSS Percentile
64.1%
Details
Status
published
Products (13)
cerberus/helpdesk
0.97.3
cerberus/helpdesk
2.0
cerberus/helpdesk
2.1
cerberus/helpdesk
2.2
cerberus/helpdesk
2.3
cerberus/helpdesk
2.4
cerberus/helpdesk
2.5
cerberus/helpdesk
2.6.1
cerberus/helpdesk
2.7
cerberus/helpdesk
2.7.1
... and 3 more
Published
Dec 07, 2006
Tracked Since
Feb 18, 2026