This script is Copyright (C) 2005-2012 Tenable Network Security, Inc.
Synopsis :
The remote web server contains a PHP script that is affected by a
variety of flaws.
Description :
The remote host is running Kayako LiveResponse, a web-based live
support system.
The installed version of Kayako LiveResponse on the remote host fails
to sanitize user-supplied input to many parameters and scripts, which
makes the application vulnerable to SQL injection and cross-site
scripting attacks. In addition, the application embeds passwords in
plaintext as part of GET requests and will reveal its installation
directory in response to direct calls to several scripts.
See also :
http://www.nessus.org/u?b34a9173
http://www.securityfocus.com/archive/1/406914
Solution :
Unknown at this time.
Risk factor :
Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 6.4
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 19335 (kayako_liveresponse_mult_flaws.nasl)
Bugtraq ID: 14425
CVE ID: CVE-2005-2460, CVE-2005-2461, CVE-2005-2462, CVE-2005-2463