header-logo
Suggest Exploit
vendor:
SupportSuite
by:
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: SupportSuite
Affected Version From: 3.00.26 and prior
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:kayako:supportsuite:3.00.26
Metasploit:
Other Scripts:
Platforms Tested:

Cross-Site Scripting Vulnerabilities in Kayako SupportSuite

Multiple cross-site scripting vulnerabilities exist in Kayako SupportSuite. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of authentication credentials stored in cookies and other malicious activities.

Mitigation:

Apply the vendor-provided patch or upgrade to a version higher than 3.00.26 to mitigate these vulnerabilities. Additionally, it is recommended to sanitize user input and implement strict input validation to prevent cross-site scripting attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16094/info

Kayako SupportSuite is prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

These issues affect versions 3.00.26 and prior. 

http://www.example.com/index.php?_m=downloads&_a=view&
parentcategoryid=3&pcid=1&nav=[XSS]

Navigation

Suggest Exploit

Services By CQR