CVE-2005-4637

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/23916

http://www.securityfocus.com/bid/16094

http://www.osvdb.org/22225

http://www.osvdb.org/22224

http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html

Details

Source: Mitre, NVD

Published: 2005-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.04046