19 lines
No EOL
862 B
Text
19 lines
No EOL
862 B
Text
source: http://www.securityfocus.com/bid/12868/info
|
|
|
|
Kayako ESupport is prone to a cross-site scripting vulnerability.
|
|
|
|
Multiple parameters of the 'index.php' script can be exploited to pass malicious HTML and script code to the application.
|
|
|
|
This would occur in the security context of the affected Web site and may allow for theft of cookie-based authentication credentials or other attacks.
|
|
|
|
ESupport 2.3 is reported vulnerable, however, it is possible that other versions are affected as well.
|
|
|
|
http://www.example.com/index.php?_a=knowledgebase&_j=questiondetails&_i=[INT][XSS]
|
|
|
|
http://www.example.com/index.php?_a=knowledgebase&_j=questionprint&_i=[INT][XSS]
|
|
|
|
http://www.example.com/index.php?_a=troubleshooter&_c=[INT][XSS]
|
|
|
|
http://www.example.com/index.php?_a=knowledgebase&_j=subcat&_i=[INT][XSS]
|
|
|
|
where [INT] is a valid integer value. |