Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3700

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3700
Last Modified 18 Mar 2009 01:41:00
Published 15 Aug 2008 04:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3700

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.

Vulnerable Systems

Application

  • Kayako Supportsuite 3.10.00

  • Kayako Supportsuite 3.10.02

  • Kayako Supportsuite 3.11.00

  • Kayako Supportsuite 3.11.01

  • Kayako Supportsuite 3.20.02


References

XF - kayako-fullname-xss(44383)

XF - kayako-sessionid-xss(44382)

BID - 30642

MISC - http://www.gulftech.org/?node=research&article_id=00123-08092008

SECUNIA - 31431

OSVDB - 47615

OSVDB - 47614

OSVDB - 47613

MISC - http://forums.kayako.com/f3/3-30-00-stable-released-18304/


Last Updated: 27 May 2016 10:48:16