CVE-2008-3700
Published: Aug 15, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- http://www.gulftech.org/?node=research&article_id=00123-08092008 (x_refsource_MISC)
- kayako-sessionid-xss(44382) (vdb-entry, x_refsource_XF)
- 47615 (vdb-entry, x_refsource_OSVDB)
- http://forums.kayako.com/f3/3-30-00-stable-released-18304/ (x_refsource_MISC)
- 47614 (vdb-entry, x_refsource_OSVDB)
- kayako-fullname-xss(44383) (vdb-entry, x_refsource_XF)
- 47613 (vdb-entry, x_refsource_OSVDB)
- 31431 (third-party-advisory, x_refsource_SECUNIA)
- 30642 (vdb-entry, x_refsource_BID)