
Kayako eSupport Multiple XSS

Medium

Synopsis

The remote host is running Kayako eSupport, a web-based support and help desk application.

Description

The remote host is running Kayako eSupport, a web-based support and help desk application. This version of Kayako is vulnerable to a Cross-Site Scripting (XSS) attack. To exploit this flaw, an attacker would need to convince an unsuspecting user to visit a malicious website. Upon successful exploitation, the attacker could steal credentials or execute browser-side code.

Solution

Upgrade to a version greater than 2.3.1.