Cerberus Helpdesk vulnerable to XSS

Inputs in the Cerberus Helpdesk is not properly sanitized, and XSS is possible in a lot of the systems
input fields and url parameters.

You can add XSS that will hit every user of the system, and even simple scripting tags like
<script>alert(‘f’)</script> is allowed

PoC:
http://www.SITE.example/tts2/clients.php?mode=search&amp;sid=&lt;sidvalue&gt;&amp;contact_search=&lt;script&gt;alert&#40;&#39;c&#39;&#41;&lt;/script&gt;

Vendor’s site:
http://www.webgroupmedia.com

Please credit to: Preben Nylшkken