Lucene search

[email protected]CVE-2007-1145

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2007-1145

2007-03-0221:18:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-1145

cross-site scripting

xss

kayako supportsuite

esupport

remote attackers

web script

html

security vulnerability

nvd

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user’s name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.

CPENameOperatorVersion
kayako:esupportkayako esupporteq3.00.13
kayako:esupportkayako esupporteq3.04.10

CPE	Name	Operator	Version
kayako:esupport	kayako esupport	eq	3.00.13
kayako:esupport	kayako esupport	eq	3.04.10

References

osvdb.org/33535

osvdb.org/33536

secunia.com/advisories/24223

securityreason.com/securityalert/2335

www.securityfocus.com/archive/1/460591/100/0/threaded

www.securityfocus.com/bid/22631

www.vupen.com/english/advisories/2007/0717

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CVE-2007-1145

prion2 cve4 nessus2 openvas1 securityvulns1