Kayako: Security Vulnerabilities, CVEs, Published in 2008
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport.
Max CVSS: 4.3; EPSS Score: 0.17%; Published: 2008-10-28; Updated: 2017-08-08
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
Max CVSS: 6.5; EPSS Score: 0.34%; Published: 2008-08-15; Updated: 2017-08-08
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
Max CVSS: 4.3; EPSS Score: 0.50%; Published: 2008-08-15; Updated: 2017-08-08
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
Max CVSS: 5.0; EPSS Score: 0.38%; Published: 2008-01-23; Updated: 2018-10-15
4 vulnerabilities found