vendor:
Cerberus Helpdesk
by:
7.5
CVSS
HIGH
Cross-site Scripting (XSS), SQL Injection
79, 89
CWE
Product Name: Cerberus Helpdesk
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:cerberus_helpdesk:cerberus_helpdesk
Platforms Tested:
Cerberus Helpdesk Multiple Vulnerabilities
Cerberus Helpdesk is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are the result of inadequate validation of user-supplied input that will be included in site output or in SQL queries. The cross-site scripting vulnerability may permit a remote attacker to steal cookie-based authentication credentials from legitimate users. Successful exploitation of SQL injection vulnerabilities could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Mitigation:
Implement proper input validation and sanitization techniques to prevent cross-site scripting and SQL injection attacks. Regularly update the software to apply any patches or security fixes provided by the vendor.
