Kayako eSupport Multiple XSS

Medium Nessus Network Monitor Plugin ID 2621

Synopsis

The remote host is running Kayako eSupport, a web-based support and help desk application.

Description

The remote host is running Kayako eSupport, a web-based support and help desk application. This version of Kayako is vulnerable to a Cross-Site Scripting (XSS) attack. To exploit this flaw, an attacker would need to convince an unsuspecting user to visit a malicious website. Upon successful exploitation, the attacker could potentially steal credentials or execute browser-side code.

Solution

Upgrade to a version greater than 2.3.1.

See Also

http://www.securityfocus.com/archive/1/393946

http://forums.kayako.com/showthread.php?t=2689

http://www.kayako.com

Plugin Details

Severity: Medium

ID: 2621

Family: CGI

Published: 2005/02/15

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 16474, 17598

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2005-0487, CVE-2005-2460, CVE-2005-2461, CVE-2005-2462, CVE-2005-0842, CVE-2005-2463

BID: 12563, 14425, 12868