CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2562
https://notcve.org/view.php?id=CVE-2007-2562
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en index.php en Kayako eSupport 3.00.90 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro _m. • http://osvdb.org/36166 http://securityreason.com/securityalert/2684 http://www.securityfocus.com/archive/1/467832/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34144 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-1145
https://notcve.org/view.php?id=CVE-2007-1145
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Kayako SupportSuite - ESupport 3.00.13 y 3.04.10 permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores no especificados referidos a (1) lostpassword ó (2) acción registrada en index.php, (3) vectores sin especificar en el formulario Submit en una acción submit en index.php, y (4) el nombre de usuario en index.php; y (5) permite a usuarios remotos autenticados inyectar scripts web o HTML de su elección mediante vectores no especificados referidos al panel de control Admin y Staff. NOTA: Esta vulnerabilidad puede solaparse con CVE-2004-1412, CVE-2005-0487, ó CVE-2005-0842. • http://osvdb.org/33535 http://osvdb.org/33536 http://secunia.com/advisories/24223 http://securityreason.com/securityalert/2335 http://www.securityfocus.com/archive/1/460591/100/0/threaded http://www.securityfocus.com/bid/22631 http://www.vupen.com/english/advisories/2007/0717 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 1%CPEs: 2EXPL: 2CVE-2006-4011 – Kayako eSupport 2.3.1 - 'subd' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4011
PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter. Vulnerabilidad de inclusión remota de archivo en PHP en esupport/admin/autoclose.php de Kayako eSupport 2.3.1 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro subd. • https://www.exploit-db.com/exploits/2115 http://secunia.com/advisories/21330 http://www.securityfocus.com/bid/19315 https://exchange.xforce.ibmcloud.com/vulnerabilities/28199 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2005-0842 – Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-0842
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter. • https://www.exploit-db.com/exploits/25257 http://marc.info/?l=bugtraq&m=111151292704335&w=2 http://secunia.com/advisories/13563 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0487
https://notcve.org/view.php?id=CVE-2005-0487
Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en index.php para Kayako ESupport 2.3.1 y posiblemete otras versiones, permite a atacantes remotos la inyección de HTML arbitrario y scripts web, mediante el parámetro nav. • http://marc.info/?l=full-disclosure&m=110845724029888&w=2 http://www.securityfocus.com/bid/12563 https://exchange.xforce.ibmcloud.com/vulnerabilities/18571 •