CVE-2006-6366

Name of the Vulnerable Software and Affected Versions Cerberus Helpdesk versions 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the js parameter in the includes/elements/spellcheck/spellwin.php file.

Recommendations For Cerberus Helpdesk versions 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3, avoid using the js parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the includes/elements/spellcheck/spellwin.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.