CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4638
https://notcve.org/view.php?id=CVE-2005-4638
index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module. • http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html http://www.osvdb.org/22226 https://exchange.xforce.ibmcloud.com/vulnerabilities/23917 •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 5CVE-2005-2460 – Kayako Live Response 2.0 - 'index.php?Username' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2460
Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message. • https://www.exploit-db.com/exploits/26051 http://marc.info/?l=bugtraq&m=112274359718863&w=2 http://secunia.com/advisories/16286 http://www.gulftech.org/?node=research&article_id=00092-07302005 http://www.osvdb.org/18395 http://www.osvdb.org/18397 http://www.securityfocus.com/bid/14425 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2005-0842 – Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-0842
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter. • https://www.exploit-db.com/exploits/25257 http://marc.info/?l=bugtraq&m=111151292704335&w=2 http://secunia.com/advisories/13563 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0487
https://notcve.org/view.php?id=CVE-2005-0487
Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en index.php para Kayako ESupport 2.3.1 y posiblemete otras versiones, permite a atacantes remotos la inyección de HTML arbitrario y scripts web, mediante el parámetro nav. • http://marc.info/?l=full-disclosure&m=110845724029888&w=2 http://www.securityfocus.com/bid/12563 https://exchange.xforce.ibmcloud.com/vulnerabilities/18571 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 3CVE-2004-1413 – Kayako eSupport 2.x - Ticket System Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-1413
Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature. • https://www.exploit-db.com/exploits/25038 http://marc.info/?l=bugtraq&m=110352428607171&w=2 http://www.gulftech.org/?node=research&article_id=00056-12182004 http://www.securityfocus.com/bid/12037 https://exchange.xforce.ibmcloud.com/vulnerabilities/18572 •