ID: CVE-2005-2460
Type: cve
Reporter: cve@mitre.org
Modified: 2016-10-18T03:27:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message.
{"exploitdb": [{"lastseen": "2016-02-03T02:44:28", "bulletinFamily": "exploit", "description": "Kayako LiveResponse 2.0 index.php username Parameter XSS. CVE-2005-2460. Webapps exploit for php platform", "modified": "2005-07-30T00:00:00", "published": "2005-07-30T00:00:00", "id": "EDB-ID:26051", "href": "https://www.exploit-db.com/exploits/26051/", "type": "exploitdb", "title": "Kayako LiveResponse 2.0 index.php username Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/14425/info\r\n\r\nKayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilties. These issues are all related to input validation errors.\r\n\r\nThe cross-site scripting and HTML injection vulnerabilities may allow for theft of cookie-based authentication credentials or other attacks. The SQL injection vulnerabilities may permit a remote attacker to compromise the software or launch attacks other attacks against the database. \r\n\r\nhttp://www.example.com/index.php?username=\"><script>alert(document.cookie)</script>\r\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/26051/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nKayako LiveResponse contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue exists because the application does not sanitize the user's input when entering a session or sending a message to the support staff. A malicious user may input arbitrary code which will be executed in the context of the support staff browser. 
This flaw may lead to a loss of confidentiality, integrity and availability.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nKayako LiveResponse contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue exists because the application does not sanitize the user's input when entering a session or sending a message to the support staff. A malicious user may input arbitrary code which will be executed in the context of the support staff browser. This flaw may lead to a loss of confidentiality, integrity and availability.\n## References:\nVendor URL: http://www.kayako.com/\n[Secunia Advisory ID:16286](https://secuniaresearch.flexerasoftware.com/advisories/16286/)\n[Related OSVDB ID: 18398](https://vulners.com/osvdb/OSVDB:18398)\n[Related OSVDB ID: 18399](https://vulners.com/osvdb/OSVDB:18399)\n[Related OSVDB ID: 18395](https://vulners.com/osvdb/OSVDB:18395)\n[Related OSVDB ID: 18396](https://vulners.com/osvdb/OSVDB:18396)\nOther Advisory URL: http://www.gulftech.org/?node=research&article_id=00092-07302005\n[Nessus Plugin ID:19335](https://vulners.com/search?query=pluginID:19335)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0516.html\n[CVE-2005-2460](https://vulners.com/cve/CVE-2005-2460)\nBugtraq ID: 14425\n", "modified": "2005-07-30T05:10:46", "published": "2005-07-30T05:10:46", "href": "https://vulners.com/osvdb/OSVDB:18397", "id": "OSVDB:18397", "type": "osvdb", "title": "Kayako LiveResponse Unspecified Script Injection Privilege Escalation", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "## Vulnerability Description\nKayako LiveResponse contains a flaw that allows a remote cross site scripting attack. 
This flaw exists because the application does not validate the 'username' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity and confidentiality\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nKayako LiveResponse contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity and confidentiality\n## Manual Testing Notes\nhttp://[target]/index.php?username=\"><script>alert(document.cookie)</script>\n## References:\nVendor URL: http://www.kayako.com/\n[Secunia Advisory ID:16286](https://secuniaresearch.flexerasoftware.com/advisories/16286/)\n[Related OSVDB ID: 18397](https://vulners.com/osvdb/OSVDB:18397)\n[Related OSVDB ID: 18398](https://vulners.com/osvdb/OSVDB:18398)\n[Related OSVDB ID: 18399](https://vulners.com/osvdb/OSVDB:18399)\n[Related OSVDB ID: 18396](https://vulners.com/osvdb/OSVDB:18396)\nOther Advisory URL: http://www.gulftech.org/?node=research&article_id=00092-07302005\n[Nessus Plugin ID:19335](https://vulners.com/search?query=pluginID:19335)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0516.html\n[CVE-2005-2460](https://vulners.com/cve/CVE-2005-2460)\nBugtraq ID: 14425\n", "modified": "2005-07-30T05:10:46", "published": "2005-07-30T05:10:46", "href": "https://vulners.com/osvdb/OSVDB:18395", "id": "OSVDB:18395", "type": "osvdb", "title": "Kayako LiveResponse index.php username Variable XSS", 
"cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-11-01T02:48:17", "bulletinFamily": "scanner", "description": "The remote host is running Kayako LiveResponse, a web-based live\nsupport system. \n\nThe installed version of Kayako LiveResponse on the remote host fails\nto sanitize user-supplied input to many parameters / scripts, which\nmakes the application vulnerable to SQL injection and cross-site\nscripting attacks. In addition, the application embeds passwords in\nplaintext as part of GET requests and will reveal its installation\ndirectory in response to direct calls to several scripts.", "modified": "2019-11-02T00:00:00", "id": "KAYAKO_LIVERESPONSE_MULT_FLAWS.NASL", "href": "https://www.tenable.com/plugins/nessus/19335", "published": "2005-08-01T00:00:00", "title": "Kayako LiveResponse Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) \n{\n script_id(19335);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/11/15 20:50:17\");\n\n script_cve_id(\n \"CVE-2005-2460\", \n \"CVE-2005-2461\", \n \"CVE-2005-2462\", \n \"CVE-2005-2463\"\n );\n script_bugtraq_id(14425);\n\n script_name(english:\"Kayako LiveResponse Multiple Vulnerabilities\");\n script_summary(english:\"Checks for multiple input validation vulnerabilities in Kayako LiveResponse\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP script that is affected by a\nvariety of flaws.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Kayako LiveResponse, a web-based live\nsupport system. \n\nThe installed version of Kayako LiveResponse on the remote host fails\nto sanitize user-supplied input to many parameters / scripts, which\nmakes the application vulnerable to SQL injection and cross-site\nscripting attacks. 
In addition, the application embeds passwords in\nplaintext as part of GET requests and will reveal its installation\ndirectory in response to direct calls to several scripts.\");\n # http://web.archive.org/web/20080918071253/http://www.gulftech.org/?node=research&article_id=00092-07302005\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b34a9173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/406914\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:kayako:liveresponse\");\n script_end_attributes();\n \n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n \n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\nif ( get_kb_item(\"www/\" + port + \"/generic_xss\") )\n exit(1, \"The server listening on port \"+port+\" is affected by a generic cross-site-scripting vulnerability.\");\n\n# A simple alert.\nxss = 
\"<script>alert(document.cookie);</script>\";\n\naffected = test_cgi_xss(port: port, cgi: \"/index.php\", dirs: cgi_dirs(), sql_injection: 1,\n qs: strcat( \"username=\", urlencode(str:string('\">', xss)), \"&\",\n\t \"password=\", SCRIPT_NAME), \n # There's a problem if we see our XSS as part of the LiveResponse \n # login form.\n pass_str: strcat('input name=username type=text value=\"\\\">',xss) );\n\nif (!affected)\n exit(0, \"No affected URLs were found on port \"+port+\".\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}]}