Kayako SupportSuite 3.60.04 Multiple Persistent Cross Site Scripting

2010-01-31 / 2010-02-01
Credit: BKz
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2010-0460
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

########################################################## # Comodo Group # # Vendor : Kayako Infotech Ltd. # URL : http://www.kayako.com/ # Version : Kayako SupportSuite <= 3.60.04 ########################################################## We've discovered multiple persistent cross site scripting vulnerabilities in the latest version of Kayako SupportSuite (3.60.04). Because of improper input validation an attacker (authenticated staff member) can inject javascript code into the body or even subject of a knowledge base article which will execute in to context of the victim's browser when they view the pages in question. THis makes it possible to steal cookies, hijack sessions and more. The severity of this is augmented by the fact that the subjects of newly published articles appear on the home page of the portal making it easy to compromise a large number of users. The vendor has been notified, but until they issue a patch administrators can modify the relevant php themselves to do better input validation. BKz LPIC, Sec+, OSCP http://www.comodo.com/

References:

http://xforce.iss.net/xforce/xfdb/55859
http://www.securityfocus.com/bid/37947
http://www.securityfocus.com/archive/1/archive/1/509122/100/0/threaded
http://secunia.com/advisories/38322
http://packetstormsecurity.org/1001-advisories/kayako-xss.txt
http://osvdb.org/61928


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top