Kayako eSupport Multiple XSS

Severity: Medium | Nessus Network Monitor Plugin ID 2621

Synopsis

The remote host is running Kayako eSupport, a web-based support and help desk application.

Description

The remote host is running Kayako eSupport, a web-based support and help desk application. This version of Kayako is vulnerable to a Cross-Site Scripting (XSS) attack. To exploit this flaw, an attacker would need to convince an unsuspecting user to visit a malicious website. On successful exploitation, the attacker could potentially steal credentials or execute code in the user's browser.

Solution

Upgrade to a version greater than 2.3.1.

See Also

http://www.securityfocus.com/archive/1/393946

http://forums.kayako.com/showthread.php?t=2689

http://www.kayako.com

Plugin Details

Severity: Medium

ID: 2621

Family: CGI

Published: 2/15/2005

Updated: 3/6/2019

Nessus ID: 16474, 17598

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:kayako:esupport

Reference Information

CVE: CVE-2005-0487, CVE-2005-0842, CVE-2005-2460, CVE-2005-2461, CVE-2005-2462, CVE-2005-2463

BID: 12563, 14425, 12868