Vulnerabilities > Kayako > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-09-15 | CVE-2012-3233 | Cross-Site Scripting vulnerability in Kayako Fusion 4.40.1148: Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
2012-09-06 | CVE-2012-4872 | Cross-Site Scripting vulnerability in Kayako Fusion: Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description. | 4.3 |
2009-10-06 | CVE-2009-3567 | Cross-Site Scripting vulnerability in Kayako Esupport and Supportsuite: Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145. | 4.3 |
2009-09-25 | CVE-2009-3427 | Cross-Site Scripting vulnerability in Kayako Supportsuite 3.50.06: Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket. | 4.3 |
2008-10-28 | CVE-2008-4761 | Cross-Site Scripting vulnerability in Kayako Esupport 3.20.2: Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. | 4.3 |
2008-08-15 | CVE-2008-3701 | SQL Injection vulnerability in Kayako Supportsuite: SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action. | 6.5 |
2008-08-15 | CVE-2008-3700 | Cross-Site Scripting vulnerability in Kayako Supportsuite: Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation. | 4.3 |
2008-01-23 | CVE-2008-0395 | Information Exposure vulnerability in Kayako Supportsuite 3.11.01: Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal. | 5.0 |
2007-05-09 | CVE-2007-2562 | Cross-Site Scripting vulnerability in Kayako Esupport 3.00.90: Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter. | 4.3 |
2007-03-02 | CVE-2007-1145 | Cross-Site Scripting vulnerability in Kayako Esupport 3.00.13/3.04.10: Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. | 4.3 |