Persistent XSS in Kayako Support Suite

2009.05.07

Credit: BKz

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

 ##########################################################
# Comodo Group
#
# Vendor : Kayako Infotech Ltd.
# URL : http://www.kayako.com/
# Version : Kayako SupportSuite < 3.04.10
##########################################################

We've discovered a persistent XSS vulnerability in Kayako Support Suite Version 3.04.10.  Although other similar XSS and SQL injection vectors such GET requests/URLs and other vulnerable POST fields have been previously published, we've found no reference to this particular one.  Current versions are not vulnerable, however this particular vector has not been previously disclosed.

In verion 3.04.10 (and probably others) an attacker (authenticated staff member) can inject code simply by creating a support ticket and including a javascript in the ticket notes.  The script will execute in the context of the browser of any staff member who views the ticket allowing the attacker to steal cookies, spoof web pages, etc.  

BKz
LPIC, Sec+, OSCP
http://www.comodo.com

References:

http://seclists.org/bugtraq/2009/May/0052.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Persistent XSS in Kayako Support Suite

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.