Kayako SupportSuite Multiple Vulnerabilities
Kayako SupportSuite is prone to the following vulnerabilities:
1. Multiple HTML-injection vulnerabilities.
2. A remote code-execution vulnerability.
3. Multiple cross-site scripting vulnerabilities.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
Kayako SupportSuite 3.70.02-stable and prior versions are vulnerable.