Lucene search
PRIOn knowledge basePRION:CVE-2008-3700HistoryAug 15, 2008 - 8:41 p.m.
Cross site scripting
2008-08-1520:41:00
PRIOn knowledge base
www.prio-n.com
2
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| supportsuite | eq | 3.10.00 | |
| supportsuite | eq | 3.11.01 | |
| supportsuite | le | 3.20.02 | |
| supportsuite | eq | 3.11.00 | |
| supportsuite | eq | 3.10.02 |
References
forums.kayako.com/f3/3-30-00-stable-released-18304/
osvdb.org/47613
osvdb.org/47614
osvdb.org/47615
secunia.com/advisories/31431
www.gulftech.org/?node=research&article_id=00123-08092008
www.securityfocus.com/bid/30642
exchange.xforce.ibmcloud.com/vulnerabilities/44382
exchange.xforce.ibmcloud.com/vulnerabilities/44383
Related
cve
cve
CVE-2008-3700
2008-08-15 20:41:00
nvd
nvd
CVE-2008-3700
2008-08-15 20:41:00
cvelist
cvelist
CVE-2008-3700
2008-08-15 20:06:00
nessus
nessus
Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities
2008-08-22 00:00:00