Description
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by GulfTech Security · textwebappsphp
https://www.exploit-db.com/exploits/25037
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12037
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18571
Exploit x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00056-12182004
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110352428607171&w=2
Scores
EPSS
0.0058
EPSS Percentile
69.1%
Details
Status
published
Products (5)
kayako/esupport
2.1.2
kayako/esupport
2.1.8
kayako/esupport
2.2
kayako/esupport
2.2.5
kayako/esupport
2.3
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026