header-logo
Suggest Exploit
vendor:
SupportSuite
by:
SecurityFocus
7.5
CVSS
HIGH
SQL-injection, Cross-site Scripting, HTML-injection
89, 79, 80
CWE
Product Name: SupportSuite
Affected Version From: Prior to 3.30
Affected Version To: Prior to 3.30
Patch Exists: YES
Related CWE: N/A
CPE: a:kayako:supportsuite
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Kayako SupportSuite Multiple Input-Validation Vulnerabilities

Kayako SupportSuite is prone to multiple input-validation vulnerabilities, including an SQL-injection issue, multiple cross-site scripting issues, and an HTML-injection issue. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to ensure that untrusted data is not allowed to affect the application's logic or the underlying database.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30642/info
 
Kayako SupportSuite is prone to multiple input-validation vulnerabilities, including an SQL-injection issue, multiple cross-site scripting issues, and an HTML-injection issue. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
Versions prior to Kayako SupportSuite 3.30 are vulnerable. 

http://www.example.com/index.php?_m=news&_a=view&filter=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Ca%20href=%22

Navigation

Suggest Exploit

Services By CQR