Kayako SupportSuite Multiple Vulnerabilities

Kayako SupportSuite is prone to the following vulnerabilities:

1. Multiple HTML-injection vulnerabilities.
2. A remote code-execution vulnerability.
3. Multiple cross-site scripting vulnerabilities.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.

Kayako SupportSuite 3.70.02-stable and prior versions are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus