Cross site scripting

2009-10-0620:30:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.0%

JSON

Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.

CPENameOperatorVersion
esupportle3.60.04
esupporteq2.1.8
esupporteq2.2
esupporteq3.00.90
esupporteq2.3.1
esupporteq3.00.13
esupporteq2.3
esupporteq2.1.2
esupporteq2.2.5
esupporteq3.04.10

Name	Operator	Version
esupport	le	3.60.04
esupport	eq	2.1.8
esupport	eq	2.2
esupport	eq	3.00.90
esupport	eq	2.3.1
esupport	eq	3.00.13
esupport	eq	2.3
esupport	eq	2.1.2
esupport	eq	2.2.5
esupport	eq	3.04.10