This script is Copyright (C) 2005-2012 Tenable Network Security, Inc.
The remote web server contains a PHP script that is affected by a
variety of flaws.
The remote host is running Kayako LiveResponse, a web-based live
The installed version of Kayako LiveResponse on the remote host fails
to sanitize user-supplied input to many parameters / scripts, which
makes the application vulnerable to SQL injection and cross-site
scripting attacks. In addition, the application embeds passwords in
plaintext as part of GET requests and will reveal its installation
directory in response to direct calls to several scripts.
See also :
Unknown at this time.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 6.4
Public Exploit Available : true