Cerberus Helpdesk vulnerable to XSS

2006.02.01

Credit: Preben Nyloekken

Risk: Low

Local: Yes

Remote: Yes

CVE: CVE-2006-0509

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

Inputs in the Cerberus Helpdesk is not properly sanitized, and XSS is possible in a lot of the systems input fields and url parameters.

You can add XSS that will hit every user of the system, and even simple scripting tags like <script>alert('f')</script> is allowed

PoC: http://www.SITE.example/tts2/clients.php?mode=search&sid=<sidvalue>&cont
act_search=<script>alert('c')</script>

Vendor?s site:
http://www.webgroupmedia.com

Please credit to: Preben Nyl?kken

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Cerberus Helpdesk vulnerable to XSS

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Cerberus Helpdesk vulnerable to XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.