Vendor: LiveResponse
By: SecurityFocus
CVSS: 8.8 (HIGH)
Vulnerabilities: Cross-site Scripting, SQL Injection, HTML Injection
CWE: 79, 89, 91
Product Name: LiveResponse
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Kayako LiveResponse Multiple Vulnerabilities

Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilities. These issues are all related to input validation errors. The cross-site scripting and HTML injection vulnerabilities may allow for theft of cookie-based authentication credentials or other attacks. The SQL injection vulnerabilities may permit a remote attacker to compromise the software or launch other attacks against the database.

Mitigation:

Input validation should be used to prevent malicious input from entering the system. Additionally, the application should be kept up to date with the latest security patches.
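
As an added illustration (not Kayako's code and not part of the original advisory), the sketch below shows the pattern that lets the `username` value from this page's proof-of-concept URL break out of a quoted HTML attribute, next to an output-encoded version, an allow-list check, and a parameterized query. The function names, the username policy, the `users` table and the in-memory SQLite database (which needs the `pdo_sqlite` extension) are all assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical handler code, not taken from Kayako LiveResponse.

// Constructed sample input: the username value from the proof-of-concept URL.
$input = '"><script>alert(document.cookie)</script>';

// BEFORE (vulnerable pattern): the raw value is placed inside a quoted attribute,
// so a double quote in the input closes the attribute and the markup that follows is parsed.
function render_unsafe(string $username): string {
    return '<input type="text" name="username" value="' . $username . '">';
}

// AFTER: encode for the HTML attribute context; ENT_QUOTES covers both quote styles.
function render_safe(string $username): string {
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="username" value="' . $encoded . '">';
}

// Allow-list validation (assumed policy: 1-32 letters, digits, '.', '_' or '-').
function is_valid_username(string $username): bool {
    return preg_match('/\A[A-Za-z0-9._-]{1,32}\z/', $username) === 1;
}

// Parameterized lookup: the value is bound as data, never concatenated into the SQL text.
function find_user(PDO $db, string $username): ?array {
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed test database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice')");

echo render_unsafe($input), PHP_EOL;             // attribute is closed early by the input
echo render_safe($input), PHP_EOL;               // input stays inside the value attribute
var_dump(is_valid_username($input));             // rejected by the allow-list
var_dump(find_user($db, "alice' OR '1'='1"));    // treated as a literal name, no match
var_dump(find_user($db, 'alice'));               // normal lookup still works
```

Output encoding and parameter binding are the controls that remove the injection; the allow-list check is defence in depth and should not be relied on alone.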
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14425/info

Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilities. These issues are all related to input validation errors.

The cross-site scripting and HTML injection vulnerabilities may allow for theft of cookie-based authentication credentials or other attacks. The SQL injection vulnerabilities may permit a remote attacker to compromise the software or launch other attacks against the database.

http://www.example.com/index.php?username="><script>alert(document.cookie)</script>