Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the 1 subject parameter and 2 contents parameter aka body in an insertquestion action. NOTE: some of these...