CVE-2010-0460

Kayako Esupport < 3.60.04 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information.

References (6)

[Exploit] http://packetstormsecurity.org/1001-advisories/kayako-xss.txt

[Vendor Advisory] http://secunia.com/advisories/38322

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/509122/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/37947

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/55859

[Third Party Advisory, VDB Entry] http://osvdb.org/61928

Scores

EPSS 0.0034

EPSS Percentile 56.0%

Classification

CWE

CWE-79

Status published

Affected Products (13)

kayako/esupport < 3.60.04

kayako/supportsuite

kayako/supportsuite

kayako/supportsuite

kayako/supportsuite

kayako/supportsuite

kayako/supportsuite

kayako/supportsuite

kayako/supportsuite

kayako/supportsuite

kayako/supportsuite

kayako/supportsuite

n/a/n/a

Timeline

Published Jan 28, 2010

Tracked Since Feb 18, 2026