This script is Copyright (C) 2005-2012 Tenable Network Security, Inc.
The remote web server contains a PHP script that is affected by
several cross-site scripting vulnerabilities.
The version of Kayako eSupport installed on the remote host is subject
to multiple cross-site scripting vulnerabilities in the script
'index.php' through the parameters '_i' and '_c'. These issues may
allow an attacker to inject HTML and script code into a user's browser
within the context of the remote site, enabling him to steal
authentication cookies, access data recently submitted by the user,
and the like.
See also :
Upgrade to eSupport 2.3.1 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true