Kayako ESupport Index.PHP Multiple Parameter Cross-Site Scripting Vulnerability

Kayako ESupport Index.PHP Multiple Parameter Cross-Site Scripting Vulnerability

An exploit is not required.

The following proof of concept examples are available:

http://www.example.com/index.php?_a=knowledgebase&_j=questiondetails&_i=[INT][XSS]

http://www.example.com/index.php?_a=knowledgebase&_j=questionprint&_i=[INT][XSS]

http://www.example.com/index.php?_a=troubleshooter&_c=[INT][XSS]

http://www.example.com/index.php?_a=knowledgebase&_j=subcat&_i=[INT][XSS]

where [INT] is a valid integer value.