CVE-2006-6366

Published: Dec 7, 2006Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Affected (13)

Products: Cerberus: Helpdesk

Cerberus

1 product

Helpdesk

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Cerberus Helpdesk	Version 0.97.3
Cerberus Helpdesk	Version 2.0
Cerberus Helpdesk	Version 2.1
Cerberus Helpdesk	Version 2.2
Cerberus Helpdesk	Version 2.3
Cerberus Helpdesk	Version 2.4
Cerberus Helpdesk	Version 2.5
Cerberus Helpdesk	Version 2.6.1
Cerberus Helpdesk	Version 2.7.1
Cerberus Helpdesk	Version 2.7
Cerberus Helpdesk	Version 3.2.1
Cerberus Helpdesk	Version 3.2.317
Cerberus Helpdesk	Version 3.3