Kayako eSupport Multiple XSS
Medium Nessus Network Monitor Plugin ID 2621
Synopsis: The remote host is running Kayako eSupport, a web-based support and help desk application.
Description: The remote host is running Kayako eSupport, a web-based support and help desk application. This version of Kayako is vulnerable to a Cross-Site Scripting (XSS) attack. An attacker exploiting this flaw would need to convince an unsuspecting user to visit a malicious website. Upon successful exploitation, the attacker may be able to steal credentials or execute browser-side code.
Solution: Upgrade to a version greater than 2.3.1.