Inputs in the Cerberus Helpdesk is not properly sanitized, and XSS is possible in a lot of the systems
input fields and url parameters.
You can add XSS that will hit every user of the system, and even simple scripting tags like
<script>alert(‘f’)</script> is allowed
Vendor’s site:
http://www.webgroupmedia.com
Please credit to: Preben Nylшkken