CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 3CVE-2004-1413 – Kayako eSupport 2.x - Ticket System Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-1413
Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature. • https://www.exploit-db.com/exploits/25038 http://marc.info/?l=bugtraq&m=110352428607171&w=2 http://www.gulftech.org/?node=research&article_id=00056-12182004 http://www.securityfocus.com/bid/12037 https://exchange.xforce.ibmcloud.com/vulnerabilities/18572 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3CVE-2004-1412 – Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1412
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter. • https://www.exploit-db.com/exploits/25037 http://marc.info/?l=bugtraq&m=110352428607171&w=2 http://www.gulftech.org/?node=research&article_id=00056-12182004 http://www.securityfocus.com/bid/12037 https://exchange.xforce.ibmcloud.com/vulnerabilities/18571 •