[原文]Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php.
Cerberus Helpdesk contains a flaw that allows a remote cross site scripting attack. The flaw exists because the application does not validate the 'errorcode' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Contact the vendor for an appropriate upgrade. It is also possible to correct the flaw by implementing the following workaround: in php.ini, set 'display_errors' to 'Off'.