Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities

High

Synopsis

The remote web server contains a PHP application affected by several vulnerabilities.

Description

The remote host is running Kayako SupportSuite, a web-based electronic support portal written in PHP. According to its banner, the version of Kayako installed on the remote host is earlier than 3.30.01 and is affected by several issues:

- There is a blind SQL injection issue in the staff panel that enables a staff user to gain administrative access.
- A user may be able to inject arbitrary script into a user's browser by opening a ticket or requesting a chat if they include the script in the 'Full Name' field associated with their account.
- There are numerous cross-site scripting issues.

Solution

Upgrade to version 3.30.01 or higher.