Vulnerabilities > Kayako > Esupport > 2.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-10-06 | CVE-2009-3567 | Cross-Site Scripting vulnerability in Kayako Esupport and Supportsuite Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145. | 4.3 |
| 2006-08-07 | CVE-2006-4011 | Remote File Include vulnerability in Kayako Esupport 2.3/2.3.1 PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter. | 2.6 |
| 2005-03-30 | CVE-2005-0487 | Cross-Site Scripting vulnerability in Kayako Esupport 2.3.1 Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter. network kayako | 6.8 |