CVE-2006-6366
published 2006-12-07CVE-2006-6366: Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows…
PriorityP423medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
1.65%
73.5th percentile
Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
| cerberus | helpdesk | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/23193http://www.securityfocus.com/bid/21423http://www.vupen.com/english/advisories/2006/4875https://exchange.xforce.ibmcloud.com/vulnerabilities/30719http://secunia.com/advisories/23193http://www.securityfocus.com/bid/21423http://www.vupen.com/english/advisories/2006/4875https://exchange.xforce.ibmcloud.com/vulnerabilities/30719
2006-12-07
Published