Vulnerabilities > Kayako > Esupport > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-10-06 CVE-2009-3567 Cross-Site Scripting vulnerability in Kayako Esupport and Supportsuite
Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
network
kayako CWE-79
4.3
4.3
2008-10-28 CVE-2008-4761 Cross-Site Scripting vulnerability in Kayako Esupport 3.20.2
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter.
network
kayako CWE-79
4.3
4.3
2007-05-09 CVE-2007-2562 Cross-Site Scripting vulnerability in Kayako Esupport 3.00.90
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.
network
kayako
4.3
4.3
2007-03-02 CVE-2007-1145 Cross-Site Scripting vulnerability in Kayako Esupport 3.00.13/3.04.10
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel.
network
kayako CWE-79
4.3
4.3
2005-05-02 CVE-2005-0842 Unspecified vulnerability in Kayako Esupport 2.3
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter.
network
kayako
4.3
4.3
2005-03-30 CVE-2005-0487 Cross-Site Scripting vulnerability in Kayako Esupport 2.3.1
Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter.
network
kayako
6.8
6.8
2004-12-31 CVE-2004-1413 Cross-Site Scripting and SQL Injection vulnerability in Kayako ESupport
Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature.
network
low complexity
kayako
5.0
5.0
2004-12-31 CVE-2004-1412 Cross-Site Scripting and SQL Injection vulnerability in Kayako ESupport
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.
network
kayako
4.3
4.3