2 matches found
CVE-2014-2006
CVE-2014-2006 is a cross-site scripting (XSS) vulnerability affecting Intercom Web Kyukincho. The issue resides in Web Kyukincho V3 before 3.0.030, where an arbitrary script could be injected and executed in the user’s browser via unspecified vectors. Affected product/version: Web Kyukincho V3 (p...
CVE-2014-3881
CVE-2014-3881 describes a CSRF vulnerability in Intercom Web Kyukincho 3.x (prior to 3.0.030) that enables an attacker to hijack the user’s authenticated actions when a logged-in user visits a malicious page. Affected product: Web Kyukincho (Intercom, Inc.) prior to 3.0.030. Root cause: cross-sit...