CVE-2006-6366 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Affected Software

Name	Vendor	Start Version	End Version
Helpdesk	Cerberus	3.2.1	3.2.1
Helpdesk	Cerberus	2.7	2.7
Helpdesk	Cerberus	3.3	3.3
Helpdesk	Cerberus	2.5	2.5
Helpdesk	Cerberus	3.2.317	3.2.317
Helpdesk	Cerberus	2.3	2.3
Helpdesk	Cerberus	2.4	2.4
Helpdesk	Cerberus	2.2	2.2
Helpdesk	Cerberus	2.1	2.1
Helpdesk	Cerberus	2.0	2.0
Helpdesk	Cerberus	2.6.1	2.6.1
Helpdesk	Cerberus	2.7.1	2.7.1
Helpdesk	Cerberus	0.97.3	0.97.3

References

http://www.securityfocus.com/bid/21423
http://secunia.com/advisories/23193
http://www.vupen.com/english/advisories/2006/4875
https://exchange.xforce.ibmcloud.com/vulnerabilities/30719

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-6366
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html